New research shows that smartwatches can become tools for spying on their owners, by collecting silent accelerometer and gyroscope signals that – after analysis – could be turned into datasets unique to the smartwatch owner. These datasets, if misused, allow the user’s activities to be monitored, including the entering of sensitive information. These are the findings of new Kaspersky Lab analysis into the impact that the proliferation of IoT can have on the daily lives of users and their information security.

 

In recent years, the cyber security industry has shown that private user data is becoming a very valuable commodity, due to almost limitless criminal uses – from sophisticated digital profiling of cybercriminals’ victims, to market predictions on user behavior. But while consumer paranoia over personal information misuse is growing, with many turning their attentions to online platforms and data collection methods, other – less obvious – threat sources remain unprotected. For instance, to help maintain a healthy lifestyle, many of us use fitness trackers to monitor exercise and sport activities. But this could have dangerous consequences.

 

Smart wearable devices, including smartwatches and fitness trackers, are commonly used in sporting activities, to monitor our health and receive push notifications etc. To carry out their main functions, most of these devices are equipped with built-in acceleration sensors (accelerometers), which are often combined with rotation sensors (gyroscopes) for step counting and identifying the user’s current position. Kaspersky Lab experts decided to examine what user information these sensors could provide to unauthorized third parties, and took a closer look at several smartwatches from a number of vendors.

 

To examine the issue, experts developed a fairly simple smartwatch application that recorded signals from built-in accelerometers and gyroscopes. The recorded data was then saved either into the wearable device’s memory or uploaded to the Bluetooth-paired mobile phone.

 

Using mathematical algorithms available to the smart wearable’s computing power, it was possible to identify behavioral patterns, periods of time when and where users were moving, and how long they were doing it. Most importantly, it was possible to identify sensitive user activities, including entering a passphrase on the computer (with accuracy of up to 96%), entering a PIN code at the ATM (approximately 87%) and unlocking the mobile phone (approximately 64%).

 

The signal dataset itself is a behavioral pattern unique to the device owner. Using this, a third party could go further and try to identify a user’s identity – either through an email address that was requested at registration stage in the app or via turned on access to Android account credentials. After that, it is just a matter of time until a victim’s detailed information is identified, including their daily routines and moments when they are entering important data. And given the growing price for users’ private data, we could fast find ourselves in a world where third parties monetize this vector.

 

But even if this exploit is not capitalized on, but used instead by cybercriminals for their own malicious purposes, the possible consequences are limited only by their imagination and level of technical knowledge. For instance, they could decrypt the received signals using neural networks, waylay victims, or install skimmers at their favorite ATMs. We have already seem how criminals can achieve 80% accuracy when trying to decrypt accelerometer signals and identify the password or PIN using only the data collected from smartwatch sensors.

 

“Smart wearables are not just miniature gadgets, they are cyber-physical systems that can record, store and process physical parameters. Our research shows that even very simple algorithms, being run on the smartwatch itself, are able to capture the unique user’s profile of accelerometer and gyroscope signals. These profiles can then be used to deanonymize the user and track his or her activities, including the moments when entering sensitive information. And this can be done via legitimate smartwatch apps that covertly send signal data to third parties,” said Sergey Lurye, a security enthusiast and co-author of the research at Kaspersky Lab.

 

Kaspersky Lab researchers advise users to pay attention to the following peculiarities when wearing smart devices:

  1. If the application sends a request to retrieve user account information, this is a cause for concern – because criminals could easily build a “digital fingerprint” of its owner.
  2. If the application also requests permission to send geolocation data, then you should worry. Do not give fitness trackers that you download on your smartwatch, extra permissions or set your corporate e-mail address as the login.
  3. Fast battery consumption of the device can also be a serious cause for concern. If your gadget runs dry within just a few hours instead of a day, you should check what it’s actually doing. It might be writing signal logs, or worse, sending them elsewhere.

RECOMMENDED ARTICLE FOR TECHWORLD


 
ViewSonic is the Official Monitor Sponsor for Canon PhotoMarathon Philippines 2018
Techworld Date Posted: 9 November 2018 1:21 PM | 229 Views
Having over fifteen hundred enthusiastic photographers participating to compete for the best moment captured based on designated themes. ViewSonic will station three VP2468 at the emergency kiosk for participants to preview their work before.... See More
 
ViewSonic is the Official Monitor Sponsor for Canon PhotoMarathon Philippines 2018
Techworld Date Posted: 1:21 PM | 229 Views
Having over fifteen hundred enthusiastic photographers participating to compete for the best moment captured based on designated themes. ViewSonic will station three VP2468 at the emergency kiosk for participants to preview their work before...See More

 
Realme Philippines Offers Wide-Activities for Lazada 12.12 Including Whole-Day Sale of Php5,490 for Realme C1
Techworld Date Posted: 10 December 2018 1:34 PM | 208 Views
The Realme C1, the #RealEntryLevelKing, redefines the benchmark for entry-level smartphones, packing software and hardware features previously not available in devices in the same price segment.. See More
 
Realme Philippines Offers Wide-Activities for Lazada 12.12 Including Whole-Day Sale of Php5,490 for Realme C1
Techworld Date Posted: 1:34 PM | 208 Views
The Realme C1, the #RealEntryLevelKing, redefines the benchmark for entry-level smartphones, packing software and hardware features previously not available in devices in the same price segment.See More

 
Proactively Addressing New Cyber Threat Trends in Healthcare
Techworld Date Posted: 30 January 2019 1:19 PM | 75 Views
Most cybercriminal behavior can be reduced to two basic economic drivers. The first is to look for targets with valuable resources that can be easily turned into profits.. See More
 
Proactively Addressing New Cyber Threat Trends in Healthcare
Techworld Date Posted: 1:19 PM | 75 Views
Most cybercriminal behavior can be reduced to two basic economic drivers. The first is to look for targets with valuable resources that can be easily turned into profits.See More

 
Beat the Summer Heat with Cool Discounts from Nokia Mobile
Techworld Date Posted: 22 February 2019 5:10 PM | 82 Views
It’s never too early to get ready for summer. HMD Global, the home of Nokia phones, brings you the best discounts that are sure to give you a premium summer experience at an affordable.... See More
 
Beat the Summer Heat with Cool Discounts from Nokia Mobile
Techworld Date Posted: 5:10 PM | 82 Views
It’s never too early to get ready for summer. HMD Global, the home of Nokia phones, brings you the best discounts that are sure to give you a premium summer experience at an affordable...See More

 
Dreading Wi-Fi Deadspots? Here Are 5 Quick Hacks!
Techworld Date Posted: 16 October 2018 3:31 PM | 135 Views
In a world where our favorite videos, music, and games are just right at our fingertips, files can be shared in an instant, and our loved ones are just a chat or video call.... See More
 
Dreading Wi-Fi Deadspots? Here Are 5 Quick Hacks!
Techworld Date Posted: 3:31 PM | 135 Views
In a world where our favorite videos, music, and games are just right at our fingertips, files can be shared in an instant, and our loved ones are just a chat or video call...See More

Rafael Aquino
The Threadripper’s Simple Complexity
Techworld • By: Rafael Aquino | Date Posted: 29 July 2017 4:30 PM | 833 Views
The AMD Ryzen Threadripper is by far the most powerful processor to date. 12 cores and 24 threads each, that is absolutely dwarfing any other processor ever created in the history of mankind. But.... See More
Rafael Aquino
The Threadripper’s Simple Complexity
Techworld • By: Rafael Aquino | Date Posted: 4:30 PM | 833 Views
The AMD Ryzen Threadripper is by far the most powerful processor to date. 12 cores and 24 threads each, that is absolutely dwarfing any other processor ever created in the history of mankind. But...See More

 
ADATA Launches New Range of Charging Products
Techworld Date Posted: 4 July 2018 11:07 AM | 282 Views
ADATA Technology, a leading manufacturer of high-performance DRAM modules and NAND Flash products, today launched a series of new charging products that make powering mobile lifestyles easier than ever.. See More
 
ADATA Launches New Range of Charging Products
Techworld Date Posted: 11:07 AM | 282 Views
ADATA Technology, a leading manufacturer of high-performance DRAM modules and NAND Flash products, today launched a series of new charging products that make powering mobile lifestyles easier than ever.See More

 
Phantom 4 Advanced vs Phantom 4 Pro: 4 Differences You Need to Know
Techworld Date Posted: 24 August 2017 9:41 AM | 249 Views
DJI's most recent release, the Phantom 4 Advanced, is a slightly altered version of the Phantom 4 Pro unit which came out late last year. Its titanium and magnesium alloy makes the aircraft more durable.... See More
 
Phantom 4 Advanced vs Phantom 4 Pro: 4 Differences You Need to Know
Techworld Date Posted: 9:41 AM | 249 Views
DJI's most recent release, the Phantom 4 Advanced, is a slightly altered version of the Phantom 4 Pro unit which came out late last year. Its titanium and magnesium alloy makes the aircraft more durable...See More

 
Transcend®’s DrivePro 550 Dashcam Provides Added Protection with Its Dual Lenses
Techworld Date Posted: 27 June 2018 1:17 PM | 497 Views
Transcend® Information, Inc. (Transcend®), a leading manufacturer of storage and multimedia products, is proud to announce the release of the DrivePro 550 Dashcam. Featuring a dual lens camera and a large viewing angle, the.... See More
 
Transcend®’s DrivePro 550 Dashcam Provides Added Protection with Its Dual Lenses
Techworld Date Posted: 1:17 PM | 497 Views
Transcend® Information, Inc. (Transcend®), a leading manufacturer of storage and multimedia products, is proud to announce the release of the DrivePro 550 Dashcam. Featuring a dual lens camera and a large viewing angle, the...See More

 
Fujitsu Selects Cebu for Philippines Expansion
Techworld Date Posted: 19 October 2017 5:27 PM | 359 Views
From L-R:Arlene Gregorio, Head of Fujitsu's Global Delivery Center in the Philippines, Hidenori Furuta, Executive Vice President and Head of Global Delivery, Monchito Ibrahim: Undersecretary of the Department of Information and Communications Technology of.... See More
 
Fujitsu Selects Cebu for Philippines Expansion
Techworld Date Posted: 5:27 PM | 359 Views
From L-R:Arlene Gregorio, Head of Fujitsu's Global Delivery Center in the Philippines, Hidenori Furuta, Executive Vice President and Head of Global Delivery, Monchito Ibrahim: Undersecretary of the Department of Information and Communications Technology of...See More


Power by

Download Free AZ | Free Wordpress Themes