New research shows that smartwatches can become tools for spying on their owners, by collecting silent accelerometer and gyroscope signals that – after analysis – could be turned into datasets unique to the smartwatch owner. These datasets, if misused, allow the user’s activities to be monitored, including the entering of sensitive information. These are the findings of new Kaspersky Lab analysis into the impact that the proliferation of IoT can have on the daily lives of users and their information security.

 

In recent years, the cyber security industry has shown that private user data is becoming a very valuable commodity, due to almost limitless criminal uses – from sophisticated digital profiling of cybercriminals’ victims, to market predictions on user behavior. But while consumer paranoia over personal information misuse is growing, with many turning their attentions to online platforms and data collection methods, other – less obvious – threat sources remain unprotected. For instance, to help maintain a healthy lifestyle, many of us use fitness trackers to monitor exercise and sport activities. But this could have dangerous consequences.

 

Smart wearable devices, including smartwatches and fitness trackers, are commonly used in sporting activities, to monitor our health and receive push notifications etc. To carry out their main functions, most of these devices are equipped with built-in acceleration sensors (accelerometers), which are often combined with rotation sensors (gyroscopes) for step counting and identifying the user’s current position. Kaspersky Lab experts decided to examine what user information these sensors could provide to unauthorized third parties, and took a closer look at several smartwatches from a number of vendors.

 

To examine the issue, experts developed a fairly simple smartwatch application that recorded signals from built-in accelerometers and gyroscopes. The recorded data was then saved either into the wearable device’s memory or uploaded to the Bluetooth-paired mobile phone.

 

Using mathematical algorithms available to the smart wearable’s computing power, it was possible to identify behavioral patterns, periods of time when and where users were moving, and how long they were doing it. Most importantly, it was possible to identify sensitive user activities, including entering a passphrase on the computer (with accuracy of up to 96%), entering a PIN code at the ATM (approximately 87%) and unlocking the mobile phone (approximately 64%).

 

The signal dataset itself is a behavioral pattern unique to the device owner. Using this, a third party could go further and try to identify a user’s identity – either through an email address that was requested at registration stage in the app or via turned on access to Android account credentials. After that, it is just a matter of time until a victim’s detailed information is identified, including their daily routines and moments when they are entering important data. And given the growing price for users’ private data, we could fast find ourselves in a world where third parties monetize this vector.

 

But even if this exploit is not capitalized on, but used instead by cybercriminals for their own malicious purposes, the possible consequences are limited only by their imagination and level of technical knowledge. For instance, they could decrypt the received signals using neural networks, waylay victims, or install skimmers at their favorite ATMs. We have already seem how criminals can achieve 80% accuracy when trying to decrypt accelerometer signals and identify the password or PIN using only the data collected from smartwatch sensors.

 

“Smart wearables are not just miniature gadgets, they are cyber-physical systems that can record, store and process physical parameters. Our research shows that even very simple algorithms, being run on the smartwatch itself, are able to capture the unique user’s profile of accelerometer and gyroscope signals. These profiles can then be used to deanonymize the user and track his or her activities, including the moments when entering sensitive information. And this can be done via legitimate smartwatch apps that covertly send signal data to third parties,” said Sergey Lurye, a security enthusiast and co-author of the research at Kaspersky Lab.

 

Kaspersky Lab researchers advise users to pay attention to the following peculiarities when wearing smart devices:

  1. If the application sends a request to retrieve user account information, this is a cause for concern – because criminals could easily build a “digital fingerprint” of its owner.
  2. If the application also requests permission to send geolocation data, then you should worry. Do not give fitness trackers that you download on your smartwatch, extra permissions or set your corporate e-mail address as the login.
  3. Fast battery consumption of the device can also be a serious cause for concern. If your gadget runs dry within just a few hours instead of a day, you should check what it’s actually doing. It might be writing signal logs, or worse, sending them elsewhere.

RECOMMENDED ARTICLE FOR TECHWORLD


 
NARUTO TO BORUTO: SHINOBI STRIKER UNVEILS ITS GAMEPLAY WITH MORE DETAILS ABOUT FIGHTERS AND BATTLE MODES
Techworld Date Posted: 23 August 2017 11:49 AM | 317 Views
BANDAI NAMCO Entertainment Asia is excited to reveal the amazing new content about the acrobatic ninja battle action game developed by Soleil Ltd. AVATAR SYSTEM For the first time in the Naruto series, the Avatar System.... See More
 
NARUTO TO BORUTO: SHINOBI STRIKER UNVEILS ITS GAMEPLAY WITH MORE DETAILS ABOUT FIGHTERS AND BATTLE MODES
Techworld Date Posted: 11:49 AM | 317 Views
BANDAI NAMCO Entertainment Asia is excited to reveal the amazing new content about the acrobatic ninja battle action game developed by Soleil Ltd. AVATAR SYSTEM For the first time in the Naruto series, the Avatar System...See More

 
DreamHack and CORSAIR Enter Strategic Partnership
Techworld Date Posted: 15 December 2017 10:06 AM | 238 Views
CORSAIR®, a world leader in enthusiast memory, high-performance gaming hardware and PC components, and DreamHack, the world’s largest digital festival, are excited to announce a groundbreaking new partnership which will see CORSAIR and DreamHack.... See More
 
DreamHack and CORSAIR Enter Strategic Partnership
Techworld Date Posted: 10:06 AM | 238 Views
CORSAIR®, a world leader in enthusiast memory, high-performance gaming hardware and PC components, and DreamHack, the world’s largest digital festival, are excited to announce a groundbreaking new partnership which will see CORSAIR and DreamHack...See More

 
Concern for Online Security of Our Older Relatives not Converting into Care, Warns Kaspersky Lab
Techworld Date Posted: 15 May 2018 4:52 PM | 363 Views
It’s well documented that younger generations are spending a greater proportion of their lives online, but they’re not the only ones.. See More
 
Concern for Online Security of Our Older Relatives not Converting into Care, Warns Kaspersky Lab
Techworld Date Posted: 4:52 PM | 363 Views
It’s well documented that younger generations are spending a greater proportion of their lives online, but they’re not the only ones.See More

 
Nokia 7 Plus Wins Consumer Smartphone of the Year at EISA Awards 2018
Techworld Date Posted: 24 August 2018 4:42 PM | 108 Views
HMD Global, the home of Nokia phones, is proud to announce that the Nokia 7 Plus has been named the Consumer Smartphone of the Year by the Expert Imaging and Sound Association (EISA). The.... See More
 
Nokia 7 Plus Wins Consumer Smartphone of the Year at EISA Awards 2018
Techworld Date Posted: 4:42 PM | 108 Views
HMD Global, the home of Nokia phones, is proud to announce that the Nokia 7 Plus has been named the Consumer Smartphone of the Year by the Expert Imaging and Sound Association (EISA). The...See More

 
Synology® Sees Huge Growth in PH NAS Market, Introduces Complete Business Backup Solution
Techworld Date Posted: 1 August 2018 5:23 PM | 131 Views
Synology®, leading network attached storage (NAS), IP surveillance and network equipment provider introduces its newest products, Active Backup Suite and Service Replacement Service (SRS) for Philippines SMBs and SMEs today. . See More
 
Synology® Sees Huge Growth in PH NAS Market, Introduces Complete Business Backup Solution
Techworld Date Posted: 5:23 PM | 131 Views
Synology®, leading network attached storage (NAS), IP surveillance and network equipment provider introduces its newest products, Active Backup Suite and Service Replacement Service (SRS) for Philippines SMBs and SMEs today. See More

 
From Careless to Careful: Top Tips to Secure BYOD in the Workplace
Techworld Date Posted: 20 October 2018 9:06 AM | 71 Views
On the heels of the latest breaches against widely-used online platforms Facebook and Google that affected millions of users worldwide, Kaspersky Lab today puts the spotlight on the role of employees in keeping companies.... See More
 
From Careless to Careful: Top Tips to Secure BYOD in the Workplace
Techworld Date Posted: 9:06 AM | 71 Views
On the heels of the latest breaches against widely-used online platforms Facebook and Google that affected millions of users worldwide, Kaspersky Lab today puts the spotlight on the role of employees in keeping companies...See More

 
F5 Names Ben Gibson as Chief Marketing Officer
Techworld Date Posted: 4 August 2017 1:11 PM | 242 Views
Business leader with 25 years of experience at Veritas, Aruba Networks, and Cisco Systems to head global marketing team Philippines, August 4, 2016 — F5 Networks (NASDAQ: FFIV), the global leader in application networking and.... See More
 
F5 Names Ben Gibson as Chief Marketing Officer
Techworld Date Posted: 1:11 PM | 242 Views
Business leader with 25 years of experience at Veritas, Aruba Networks, and Cisco Systems to head global marketing team Philippines, August 4, 2016 — F5 Networks (NASDAQ: FFIV), the global leader in application networking and...See More

 
Snoppa ATOM, the World’s Smallest Gimbal Surpasses $1M Milestone on Indiegogo
Techworld Date Posted: 30 October 2018 1:16 PM | 171 Views
With over 13,800 backers across the world, Snoppa's ATOM has raised more than 110 times the initial $10K funding goal. The ATOM, which was featured on Indiegogo team's Favorites Collection, has drawn attention with.... See More
 
Snoppa ATOM, the World’s Smallest Gimbal Surpasses $1M Milestone on Indiegogo
Techworld Date Posted: 1:16 PM | 171 Views
With over 13,800 backers across the world, Snoppa's ATOM has raised more than 110 times the initial $10K funding goal. The ATOM, which was featured on Indiegogo team's Favorites Collection, has drawn attention with...See More

 
SAP Honored with Prestigious “Friend of ASEAN” Award for Contributions to the ASEAN Region
Techworld Date Posted: 27 December 2018 2:23 PM | 81 Views
SAP SE (NYSE: SAP) has recently announced it was awarded the prestigious “Friend of ASEAN” accolade for its positive social and economic contributions to the Southeast Asia region at the ASEAN Business Awards 2018.. See More
 
SAP Honored with Prestigious “Friend of ASEAN” Award for Contributions to the ASEAN Region
Techworld Date Posted: 2:23 PM | 81 Views
SAP SE (NYSE: SAP) has recently announced it was awarded the prestigious “Friend of ASEAN” accolade for its positive social and economic contributions to the Southeast Asia region at the ASEAN Business Awards 2018.See More

 
Win a Transcend DrivePro 230 Dashcam for Your Family’s Safety Travel This Christmas
Techworld Date Posted: 18 December 2018 8:48 AM | 64 Views
It’s the season of giving and Christmas is fast approaching. Transcend Information, together with Blade Auto Center, is holding “Share and WIN a DrivePro 230 dashcam” on Blade Facebook to secure your family’s safety.... See More
 
Win a Transcend DrivePro 230 Dashcam for Your Family’s Safety Travel This Christmas
Techworld Date Posted: 8:48 AM | 64 Views
It’s the season of giving and Christmas is fast approaching. Transcend Information, together with Blade Auto Center, is holding “Share and WIN a DrivePro 230 dashcam” on Blade Facebook to secure your family’s safety...See More


Power by

Download Free AZ | Free Wordpress Themes