New research shows that smartwatches can become tools for spying on their owners, by collecting silent accelerometer and gyroscope signals that – after analysis – could be turned into datasets unique to the smartwatch owner. These datasets, if misused, allow the user’s activities to be monitored, including the entering of sensitive information. These are the findings of new Kaspersky Lab analysis into the impact that the proliferation of IoT can have on the daily lives of users and their information security.

 

In recent years, the cyber security industry has shown that private user data is becoming a very valuable commodity, due to almost limitless criminal uses – from sophisticated digital profiling of cybercriminals’ victims, to market predictions on user behavior. But while consumer paranoia over personal information misuse is growing, with many turning their attentions to online platforms and data collection methods, other – less obvious – threat sources remain unprotected. For instance, to help maintain a healthy lifestyle, many of us use fitness trackers to monitor exercise and sport activities. But this could have dangerous consequences.

 

Smart wearable devices, including smartwatches and fitness trackers, are commonly used in sporting activities, to monitor our health and receive push notifications etc. To carry out their main functions, most of these devices are equipped with built-in acceleration sensors (accelerometers), which are often combined with rotation sensors (gyroscopes) for step counting and identifying the user’s current position. Kaspersky Lab experts decided to examine what user information these sensors could provide to unauthorized third parties, and took a closer look at several smartwatches from a number of vendors.

 

To examine the issue, experts developed a fairly simple smartwatch application that recorded signals from built-in accelerometers and gyroscopes. The recorded data was then saved either into the wearable device’s memory or uploaded to the Bluetooth-paired mobile phone.

 

Using mathematical algorithms available to the smart wearable’s computing power, it was possible to identify behavioral patterns, periods of time when and where users were moving, and how long they were doing it. Most importantly, it was possible to identify sensitive user activities, including entering a passphrase on the computer (with accuracy of up to 96%), entering a PIN code at the ATM (approximately 87%) and unlocking the mobile phone (approximately 64%).

 

The signal dataset itself is a behavioral pattern unique to the device owner. Using this, a third party could go further and try to identify a user’s identity – either through an email address that was requested at registration stage in the app or via turned on access to Android account credentials. After that, it is just a matter of time until a victim’s detailed information is identified, including their daily routines and moments when they are entering important data. And given the growing price for users’ private data, we could fast find ourselves in a world where third parties monetize this vector.

 

But even if this exploit is not capitalized on, but used instead by cybercriminals for their own malicious purposes, the possible consequences are limited only by their imagination and level of technical knowledge. For instance, they could decrypt the received signals using neural networks, waylay victims, or install skimmers at their favorite ATMs. We have already seem how criminals can achieve 80% accuracy when trying to decrypt accelerometer signals and identify the password or PIN using only the data collected from smartwatch sensors.

 

“Smart wearables are not just miniature gadgets, they are cyber-physical systems that can record, store and process physical parameters. Our research shows that even very simple algorithms, being run on the smartwatch itself, are able to capture the unique user’s profile of accelerometer and gyroscope signals. These profiles can then be used to deanonymize the user and track his or her activities, including the moments when entering sensitive information. And this can be done via legitimate smartwatch apps that covertly send signal data to third parties,” said Sergey Lurye, a security enthusiast and co-author of the research at Kaspersky Lab.

 

Kaspersky Lab researchers advise users to pay attention to the following peculiarities when wearing smart devices:

  1. If the application sends a request to retrieve user account information, this is a cause for concern – because criminals could easily build a “digital fingerprint” of its owner.
  2. If the application also requests permission to send geolocation data, then you should worry. Do not give fitness trackers that you download on your smartwatch, extra permissions or set your corporate e-mail address as the login.
  3. Fast battery consumption of the device can also be a serious cause for concern. If your gadget runs dry within just a few hours instead of a day, you should check what it’s actually doing. It might be writing signal logs, or worse, sending them elsewhere.

RECOMMENDED ARTICLE FOR TECHWORLD


 
What’s your treasured Nokia moment?
Techworld Date Posted: 22 December 2017 3:03 PM | 352 Views
Admit it, before all the fuss about touchscreens and sleek metal frames and glass back, the rave was all about the sturdiest body, intuitive interface, and interchangeable covers and keypads. See More
 
What’s your treasured Nokia moment?
Techworld Date Posted: 3:03 PM | 352 Views
Admit it, before all the fuss about touchscreens and sleek metal frames and glass back, the rave was all about the sturdiest body, intuitive interface, and interchangeable covers and keypadsSee More

 
TechFest 2019: Bringing Next-Generation Innovation to PH Businesses
Techworld Date Posted: 10 May 2019 11:35 AM | 34 Views
TechFest 2019 is a breakthrough event spearheaded by international technology leaders to bring forth knowledge-rich sessions focusing on the cutting-edge business solutions today.. See More
 
TechFest 2019: Bringing Next-Generation Innovation to PH Businesses
Techworld Date Posted: 11:35 AM | 34 Views
TechFest 2019 is a breakthrough event spearheaded by international technology leaders to bring forth knowledge-rich sessions focusing on the cutting-edge business solutions today.See More

 
Go Deeper into the Void – CORSAIR Announces New Lineup of VOID PRO Gaming Headsets
Techworld Date Posted: 23 August 2017 11:33 AM | 28 Views
CORSAIR, a world leader in enthusiast memory, PC components and high-performance gaming hardware, today announced the release of its new range of VOID PRO gaming headsets. When you're deep in the game and sound.... See More
 
Go Deeper into the Void – CORSAIR Announces New Lineup of VOID PRO Gaming Headsets
Techworld Date Posted: 11:33 AM | 28 Views
CORSAIR, a world leader in enthusiast memory, PC components and high-performance gaming hardware, today announced the release of its new range of VOID PRO gaming headsets. When you're deep in the game and sound...See More

 
DJI Brings RoboMaster 2017 Finals to Twitch
Techworld Date Posted: 1 August 2017 3:35 PM | 328 Views
DJI, the world's leader in civilian drones and aerial imaging technology, today announced that the RoboMaster 2017 competition finals will be livestreamed exclusively on social video platform Twitch1. RoboMaster 2017 is an annual robotics.... See More
 
DJI Brings RoboMaster 2017 Finals to Twitch
Techworld Date Posted: 3:35 PM | 328 Views
DJI, the world's leader in civilian drones and aerial imaging technology, today announced that the RoboMaster 2017 competition finals will be livestreamed exclusively on social video platform Twitch1. RoboMaster 2017 is an annual robotics...See More

 
New Kaspersky Endpoint Security for Business Provides Security Teams with Greater Control and Automatic Anomaly Detection
Techworld Date Posted: 23 March 2019 10:09 AM | 28 Views
Kaspersky Lab has unveiled the next generation of its endpoint protection with new Kaspersky Endpoint Security for Business. The product features Adaptive Anomaly Control, which intelligently perceives and blocks anomalous applications and user behavior,.... See More
 
New Kaspersky Endpoint Security for Business Provides Security Teams with Greater Control and Automatic Anomaly Detection
Techworld Date Posted: 10:09 AM | 28 Views
Kaspersky Lab has unveiled the next generation of its endpoint protection with new Kaspersky Endpoint Security for Business. The product features Adaptive Anomaly Control, which intelligently perceives and blocks anomalous applications and user behavior,...See More

 
Costly Cloud Breaches Putting Digital Transformation Strategies at Risk, Finds Kaspersky Lab
Techworld Date Posted: 25 May 2018 2:51 PM | 21 Views
The success of digital transformation projects are being stalled by the fear of the impact and rising costs of breaches associated with “data on the go”. According to new research from Kaspersky Lab, safeguarding.... See More
 
Costly Cloud Breaches Putting Digital Transformation Strategies at Risk, Finds Kaspersky Lab
Techworld Date Posted: 2:51 PM | 21 Views
The success of digital transformation projects are being stalled by the fear of the impact and rising costs of breaches associated with “data on the go”. According to new research from Kaspersky Lab, safeguarding...See More

 
Quick! Where’s my phone? There’s a human nearby
Techworld Date Posted: 5 October 2018 5:19 PM | 35 Views
Connected devices are becoming essential to keeping people in contact with each other, but for many they are also a much needed comfort blanket in a variety of social situations when they do not.... See More
 
Quick! Where’s my phone? There’s a human nearby
Techworld Date Posted: 5:19 PM | 35 Views
Connected devices are becoming essential to keeping people in contact with each other, but for many they are also a much needed comfort blanket in a variety of social situations when they do not...See More

 
Hitachi Vantara to Extend Reach in Philippines with Strategic MSI–ECS Partnership
Techworld Date Posted: 6 July 2018 3:42 PM | 687 Views
Manila, Philippines — Hitachi Vantara, a wholly owned subsidiary of Hitachi Ltd. (TSE: 6501), today announced an expansion of its distribution agreement with MSI – ECS Philippines, Inc. beyond Singapore and China.... See More
 
Hitachi Vantara to Extend Reach in Philippines with Strategic MSI–ECS Partnership
Techworld Date Posted: 3:42 PM | 687 Views
Manila, Philippines — Hitachi Vantara, a wholly owned subsidiary of Hitachi Ltd. (TSE: 6501), today announced an expansion of its distribution agreement with MSI – ECS Philippines, Inc. beyond Singapore and China...See More

 
Epson PH to Focus on Core Technologies and B2B Operations for a Bigger Market Share This 2019
Techworld Date Posted: 28 May 2019 4:56 PM | 31 Views
To maintain its bullish PH market share this 2019, Epson Philippines Corporation (EPC) shared its plans to build on new businesses, minimize dependence on mainstream product segments and optimize its B2B operations in a.... See More
 
Epson PH to Focus on Core Technologies and B2B Operations for a Bigger Market Share This 2019
Techworld Date Posted: 4:56 PM | 31 Views
To maintain its bullish PH market share this 2019, Epson Philippines Corporation (EPC) shared its plans to build on new businesses, minimize dependence on mainstream product segments and optimize its B2B operations in a...See More

 
GOC GEC First Time in Thailand: World Record Broken during GALAX Overclocking & eSports Carnival
Techworld Date Posted: 1 December 2017 3:14 PM | 24 Views
It’s a big day for GALAX the past weekend. The GALAX 9th Overclocking & eSports Carnival were concluded with success last Saturday.. See More
 
GOC GEC First Time in Thailand: World Record Broken during GALAX Overclocking & eSports Carnival
Techworld Date Posted: 3:14 PM | 24 Views
It’s a big day for GALAX the past weekend. The GALAX 9th Overclocking & eSports Carnival were concluded with success last Saturday.See More


Power by

Download Free AZ | Free Wordpress Themes