Security & Fraud

Can Smartwatches Make ATM PINs Open To Hackers?


Time and time again, hackers have proven to be one step ahead. From bitcoin ransoms to EMV security, there are few areas that are out of bounds for the clever crew.

A recent research study out of Binghamton University now suggests another potential target for hackers: wearable technology.

Wearable technology has been a notable trend since the launch of the Apple Watch in April of 2015, but does donning the trendy tech also put the user at risk of getting their ATM PIN hacked? The researchers say yes.

“The proliferation of wearable devices, e.g., smartwatches and activity trackers, with embedded sensors has already shown its great potential on monitoring and inferring human daily activities,” said the researchers. “This paper reveals a serious security breach of wearable devices in the context of divulging secret information (i.e., key entries) while people accessing key-based security systems.”

In order for hackers to steal an ATM PIN from a wearable device, they have to download the sensor data from the devices, which the researchers found is easy to do by using a wireless sniffer that captures data being sent between the wearable device and the smartphone it connects with via Bluetooth. Another option for hackers is installing malware on the phone or wearable device and having it sent to them. Once the bad guys have the data, they are able to analyze the movement of the persons’ hands as they use a wearable device, and the speed at which they do it. And whether the hacker uses sniffer technology or malware, wearable device users could get their ATM PIN hacked and their bank account wiped out before they know it.

It may sound like an arduous task for hackers, but it turns out it wasn’t that difficult, at least not according to the researchers. Out of the 5,000 instances the researchers tracked, they were able to figure out a wearable device user’s PIN 80 percent of the time at the first go around. That increased to more than 90 percent when the researchers tried three times.

And when it comes to payments security, those percentages are ones that few would like to take a gamble with.


Featured PYMNTS Study:

More than 63 percent of merchant service providers (MSPs) want to overhaul their core payment processing systems so they can up their value-added services (VAS) game. It’s tough, though, since many of these systems date back to the pre-digital era. In the January 2020 Optimizing Merchant Services Playbook, PYMNTS unpacks what 200 MSPs say is key to delivering the VAS agenda that is critical to their success.

Click to comment