Your Smartwatch's Motion Sensors Can Reveal Everything You Type

Your Smartwatch's Motion Sensors Can Reveal Everything You Type (Including Passwords)

You can now add smartwatches to the list of potential ways your private data could be leaked. Tony Beltramelli, a Master's students at the IT University of Copenhagen, has shown that even your wearable could be used to compromise your privacy by tracking your every keystroke.

That's not to say that out of the box your fancy new Apple Watch will leak your every last secret to hackers. What Beltramelli has been able to demonstrate through his Master's thesis project is that the seemingly random motions tracked by a smartwatch's motion sensors can be analysed and used to extract what the wearer might be typing, or inputting on a numerical keypad.

Security experts have often felt that how a user types, the distinct patterns and motions they use as their fingers fly across a keyboard, could be used to help verify their identity as another layer of security to the password they're entering. So even if someone else had that secret phrase, only the real user would be able to properly enter it.

Beltramelli is demonstrating exactly that with his thesis research, but coming at it from a different and more concerning angle. Instead of verifying a user based on their keystrokes, he's using their distinct typing patterns to blindly determine what exactly they're typing. And given that the majority of the world's keyboards are similarly-sized with the exact same alphanumeric layout (PIN pads as well) it's not terribly difficult for an algorithm to take that seemingly random motion data from a smartwatch and figure out what keys are likely being pressed.

Don't throw away your Android Wear watch just yet, because Beltramelli hasn't demonstrated a reliable way to compromise and capture a wearable's motion tracking data. His research was performed with a smartwatch he had full acccess to. But it's a good reminder to be extremely careful about what apps you're downloading and installing on your phone and wearables, because even seemingly innocuous data could be used against you.

[Cornell University Library via Ubergizmo]



    You can now add smartwatches to the list of potential ways your private data could be leaked.

    This has been on the list for years. And the touch keypad for any Android or iOS device is an input method, meaning what is being entered into it is readable by a simple key-logger built into any app that the user has either knowingly or unknowingly installed anyway.

    If one were to use the keypad with multiple fingers, like a professional, this type of attack will be much more complicated.

    (Unless the watch can accurately determine which muscle groups are being used.)

    Why is this such a surprise? Every piece of tech today monitors our every move...Stalin would have loved our system ... imagine the money saved on just feeding the tracking dogs and boot polish for Jackboots

    Also, the rather obvious limitation of needing the watch to be worn on the dominant arm.

    Like (I suspect) a lot of people, my watch is on the opposite wrist. So hack or no hack, he'll get no numbers.

    good thing i dont type like a 90 year old computer illiterate human. and wear my watch on the non dominant wrist.

Join the discussion!

Trending Stories Right Now