Your fitness tracker could be revealing your bank PIN

It's recording your wrist movements

Your smartwatch or fitness tracker may betray you by giving away your passwords and PIN numbers to hackers.

New research from scientists at Binghamton University and Stevens Institute of Technology in the US took data from sensors in wearable tech and used an algorithm to work out the passwords victims were entering.

Data from the accelerometer, gyroscope and magnetometers could be used to monitor the way your wrist moves, whether you're tapping in your pin at a cash point, or entering your Facebook password on your phone. There are a wide range of scenarios where your wearable could be compromising your security.

Researchers were able to get it right first time with 80 percent accuracy. Over three attempts the researchers managed to succeed 90 percent of the time.

Accurate attempts

"The threat is real, although the approach is sophisticated" said Yan Wang, assistant professor of computer science at Binghamton University.

"There are two attacking scenarios that are achievable: internal and sniffing attacks."

The internal attack would use malware installed on the wearable device and send it back to the attacker to determine a PIN or password.

On the other hand, a sniffing attack could work with a wireless sensor placed in a location to intrude on the data sent between your wrist wear and a smartphone via Bluetooth.

Researchers on the project could only recommend better encryption for wearable devices to tackle this issue. In the meantime, it may be worth using your other hand or taking off your smartwatch before entering your bank PIN.

Via Phys