In case you didn’t know it, according to the latest report issued by the International Data Corporation, sales of smartwatches have increased by 200% during the first quarter of this year, resulting in over 11 million units sold.
Not only do these gadgets attract consumers, but they are also getting the attention of cybercriminals. We’ve already warned you on a few occasions of the vulnerabilities of smartwatches, but a group of investigators from the University of Illinois have just uncovered a new security risk posed by these devices. They have shown that it is possible to use them to detect the information that someone enters into a computer.
Knowing which letters are being keyed in by the owner of a smartwatch could help cybercriminals to discover passwords without needing direct access to your computer.
It also isn’t even necessary to alter any of the settings on the watch or modify it in any way, the American experts were able to do it using an application that they developed. The tool they used captures all of the information obtained by the different sensors that the device is connected to.
With information from the accelerometer and the gyroscope, the app registers the movement of the hands and fingers on the keyboard. What’s more, the investigators have used the special information to construct a 3D map.
They introduced the information into a software that analyzed the rhythm of the inputs. By using two algorithms they were able to know the exact key that was hit, which allowed them to guess the different letters.
One of them detected the exact moment that the user started to input information on the keyboard and created a temperature map which indicated the keys. The other received the resulting information and analyzed the pauses between inputs, allowing them to calculate the number of letter that were hit by the right hand – as the watch was worn on the left.
So, by using this new mathematical tool as a dictionary, they were able to guess the letters used by the person wearing the smartwatch. The tool is efficient but it still needs to be perfected as it can’t yet detect punctuation or other symbols on the keyboard.
The work of these investigators is included in the Motion Leaks Through Smartwatch Sensors project, financed by the National Science Foundation. “Sensor data from wearable devices will clearly be a double-edged sword,” said Associate Professor Romit Roy Choudhury, who is affiliated with the Coordinated Science Laboratory.
Although the devices allow for the monitoring of information related to health, they could also put at risk the security of private information. According to Choudhury, “the real aim is to know the quantity and nature of the information that can be gotten about individuals”.
In this case it was the investigators that developed the app, but they assure us that any cybercriminal could make a similar one and spread it via platforms such as iTunes or Google Play. Because of this, just like with smartphones, it’s advisable to verify where any app comes from before you download it to your smartwatch.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
