New research shows that smartwatches can become tools for spying on their owners, by collecting silent accelerometer and gyroscope signals that – after analysis – could be turned into datasets unique to the smartwatch owner. These datasets, if misused, allow the user’s activities to be monitored, including the entering of sensitive information. These are the findings of new Kaspersky Lab analysis into the impact that the proliferation of IoT can have on the daily lives of users and their information security.

 

In recent years, the cyber security industry has shown that private user data is becoming a very valuable commodity, due to almost limitless criminal uses – from sophisticated digital profiling of cybercriminals’ victims, to market predictions on user behavior. But while consumer paranoia over personal information misuse is growing, with many turning their attentions to online platforms and data collection methods, other – less obvious – threat sources remain unprotected. For instance, to help maintain a healthy lifestyle, many of us use fitness trackers to monitor exercise and sport activities. But this could have dangerous consequences.

 

Smart wearable devices, including smartwatches and fitness trackers, are commonly used in sporting activities, to monitor our health and receive push notifications etc. To carry out their main functions, most of these devices are equipped with built-in acceleration sensors (accelerometers), which are often combined with rotation sensors (gyroscopes) for step counting and identifying the user’s current position. Kaspersky Lab experts decided to examine what user information these sensors could provide to unauthorized third parties, and took a closer look at several smartwatches from a number of vendors.

 

To examine the issue, experts developed a fairly simple smartwatch application that recorded signals from built-in accelerometers and gyroscopes. The recorded data was then saved either into the wearable device’s memory or uploaded to the Bluetooth-paired mobile phone.

 

Using mathematical algorithms available to the smart wearable’s computing power, it was possible to identify behavioral patterns, periods of time when and where users were moving, and how long they were doing it. Most importantly, it was possible to identify sensitive user activities, including entering a passphrase on the computer (with accuracy of up to 96%), entering a PIN code at the ATM (approximately 87%) and unlocking the mobile phone (approximately 64%).

 

The signal dataset itself is a behavioral pattern unique to the device owner. Using this, a third party could go further and try to identify a user’s identity – either through an email address that was requested at registration stage in the app or via turned on access to Android account credentials. After that, it is just a matter of time until a victim’s detailed information is identified, including their daily routines and moments when they are entering important data. And given the growing price for users’ private data, we could fast find ourselves in a world where third parties monetize this vector.

 

But even if this exploit is not capitalized on, but used instead by cybercriminals for their own malicious purposes, the possible consequences are limited only by their imagination and level of technical knowledge. For instance, they could decrypt the received signals using neural networks, waylay victims, or install skimmers at their favorite ATMs. We have already seem how criminals can achieve 80% accuracy when trying to decrypt accelerometer signals and identify the password or PIN using only the data collected from smartwatch sensors.

 

“Smart wearables are not just miniature gadgets, they are cyber-physical systems that can record, store and process physical parameters. Our research shows that even very simple algorithms, being run on the smartwatch itself, are able to capture the unique user’s profile of accelerometer and gyroscope signals. These profiles can then be used to deanonymize the user and track his or her activities, including the moments when entering sensitive information. And this can be done via legitimate smartwatch apps that covertly send signal data to third parties,” said Sergey Lurye, a security enthusiast and co-author of the research at Kaspersky Lab.

 

Kaspersky Lab researchers advise users to pay attention to the following peculiarities when wearing smart devices:

  1. If the application sends a request to retrieve user account information, this is a cause for concern – because criminals could easily build a “digital fingerprint” of its owner.
  2. If the application also requests permission to send geolocation data, then you should worry. Do not give fitness trackers that you download on your smartwatch, extra permissions or set your corporate e-mail address as the login.
  3. Fast battery consumption of the device can also be a serious cause for concern. If your gadget runs dry within just a few hours instead of a day, you should check what it’s actually doing. It might be writing signal logs, or worse, sending them elsewhere.

RECOMMENDED ARTICLE FOR TECHWORLD


 
Bykski Announces Real-Time Temperature Monitoring Fittings for Watercooling
Techworld Date Posted: 28 April 2018 4:33 PM | 569 Views
Bykski, professional manufacturer of computer watercooling solutions, is proud to announce the availability of its real-time temperature sensor monitor featuring HD LCD displays capable showcasing real-time information to the users. The Bykski B-TME-SE-AL and.... See More
 
Bykski Announces Real-Time Temperature Monitoring Fittings for Watercooling
Techworld Date Posted: 4:33 PM | 569 Views
Bykski, professional manufacturer of computer watercooling solutions, is proud to announce the availability of its real-time temperature sensor monitor featuring HD LCD displays capable showcasing real-time information to the users. The Bykski B-TME-SE-AL and...See More

 
Lenovo Launches the New Power-Packed Lenovo K8 Note and Lenovo K8 Plus Smartphones
Techworld Date Posted: 9 November 2017 1:40 PM | 354 Views
Lenovo continues to offer Filipinos unmatched premium mobile experience at a pocket friendly price with the all-new additions to its K series of devices, the Lenovo K8 Note and Lenovo K8 Plus.. See More
 
Lenovo Launches the New Power-Packed Lenovo K8 Note and Lenovo K8 Plus Smartphones
Techworld Date Posted: 1:40 PM | 354 Views
Lenovo continues to offer Filipinos unmatched premium mobile experience at a pocket friendly price with the all-new additions to its K series of devices, the Lenovo K8 Note and Lenovo K8 Plus.See More

 
Meralco Announces 34-Centavo per kWh Rate Drop for January
Techworld Date Posted: 23 January 2019 11:39 AM | 126 Views
The country’s largest electricity distribution utility has just announced that the overall electricity rates for the first month of the year are now down to P9.84 per kilowatt-hour (kWh), which is lower by P0.34.... See More
 
Meralco Announces 34-Centavo per kWh Rate Drop for January
Techworld Date Posted: 11:39 AM | 126 Views
The country’s largest electricity distribution utility has just announced that the overall electricity rates for the first month of the year are now down to P9.84 per kilowatt-hour (kWh), which is lower by P0.34...See More

 
Nokia 6 and Nokia 8110 4G Are Now Out in Philippine Market
Techworld Date Posted: 17 May 2018 10:46 AM | 662 Views
Because we listen to our fans, the new Nokia 6 is made even better to become more than just a smartphone that processes, clicks and communicates, but rather a companion you can trust, depend.... See More
 
Nokia 6 and Nokia 8110 4G Are Now Out in Philippine Market
Techworld Date Posted: 10:46 AM | 662 Views
Because we listen to our fans, the new Nokia 6 is made even better to become more than just a smartphone that processes, clicks and communicates, but rather a companion you can trust, depend...See More

 
Romantic Phishing Is on the Rise – How Not to Lose Your Money while Losing Your Heart
Techworld Date Posted: 18 February 2019 11:24 AM | 135 Views
Kaspersky Lab experts have detected a sharp increase in phishing activities from criminals offering users various romantic goods on the eve of Valentine’s Day. The total number of user attempts to visit fraudulent websites.... See More
 
Romantic Phishing Is on the Rise – How Not to Lose Your Money while Losing Your Heart
Techworld Date Posted: 11:24 AM | 135 Views
Kaspersky Lab experts have detected a sharp increase in phishing activities from criminals offering users various romantic goods on the eve of Valentine’s Day. The total number of user attempts to visit fraudulent websites...See More

 
ZooPark: New Android-Based Malware Campaign Spreading through Compromised Legitimate Websites
Techworld Date Posted: 16 May 2018 11:31 AM | 571 Views
Kaspersky Lab researchers have discovered ZooPark, a sophisticated cyberespionage campaign, which for several years has been targeting users of Android devices based in several Middle Eastern countries.. See More
 
ZooPark: New Android-Based Malware Campaign Spreading through Compromised Legitimate Websites
Techworld Date Posted: 11:31 AM | 571 Views
Kaspersky Lab researchers have discovered ZooPark, a sophisticated cyberespionage campaign, which for several years has been targeting users of Android devices based in several Middle Eastern countries.See More

PCBG Contributing Writer
Machine Learning AI vs Employee Vigilance
Techworld • By: PCBG Contributing Writer | Date Posted: 1 August 2017 9:43 AM | 562 Views
Here we are again. Man versus machine. On one corner, we have the machine capable of reading huge amounts of data in so little time, and on the other, an employee who knows nothing.... See More
PCBG Contributing Writer
Machine Learning AI vs Employee Vigilance
Techworld • By: PCBG Contributing Writer | Date Posted: 9:43 AM | 562 Views
Here we are again. Man versus machine. On one corner, we have the machine capable of reading huge amounts of data in so little time, and on the other, an employee who knows nothing...See More

 
PLDT Highlights Aggressive Fiber Network Rollout at 2018 FTTH APAC Confab
Techworld Date Posted: 10 May 2018 10:45 AM | 302 Views
Telco leader PLDT outlined its nationwide fiber network rollout efforts at the recent FTTH APAC Conference held at the Shangri-La at The Fort. . See More
 
PLDT Highlights Aggressive Fiber Network Rollout at 2018 FTTH APAC Confab
Techworld Date Posted: 10:45 AM | 302 Views
Telco leader PLDT outlined its nationwide fiber network rollout efforts at the recent FTTH APAC Conference held at the Shangri-La at The Fort. See More

 
PLDT, Smart Kick Off ‘Road to Nationals’ Open eSports Tournament
Techworld Date Posted: 7 August 2018 4:39 PM | 220 Views
  Leading telco and digital services provider, PLDT Inc. and its wireless arm Smart Communications, Inc. have kicked off the Road to Nationals, a nationwide multi-game grassroots tournament in search of the best eSports.... See More
 
PLDT, Smart Kick Off ‘Road to Nationals’ Open eSports Tournament
Techworld Date Posted: 4:39 PM | 220 Views
  Leading telco and digital services provider, PLDT Inc. and its wireless arm Smart Communications, Inc. have kicked off the Road to Nationals, a nationwide multi-game grassroots tournament in search of the best eSports...See More

 
D-Link Covr-2202 Shines in HWM+HardwareZone.com Tech Awards 2019
Techworld Date Posted: 5 April 2019 10:24 AM | 94 Views
D-Link International Pte. Ltd., leading global provider of networking products, bagged the Editor’s Choice award at the 10th HWM + HardwareZone.com Tech Awards 2019. The company’s D-Link Covr-2202 was named Best Mesh Networking System.... See More
 
D-Link Covr-2202 Shines in HWM+HardwareZone.com Tech Awards 2019
Techworld Date Posted: 10:24 AM | 94 Views
D-Link International Pte. Ltd., leading global provider of networking products, bagged the Editor’s Choice award at the 10th HWM + HardwareZone.com Tech Awards 2019. The company’s D-Link Covr-2202 was named Best Mesh Networking System...See More


Power by

Download Free AZ | Free Wordpress Themes