Security & Fraud

Can Smartwatches Make ATM PINs Open To Hackers?


Time and time again, hackers have proven to be one step ahead. From bitcoin ransoms to EMV security, there are few areas that are out of bounds for the clever crew.

A recent research study out of Binghamton University now suggests another potential target for hackers: wearable technology.

Wearable technology has been a notable trend since the launch of the Apple Watch in April of 2015, but does donning the trendy tech also put the user at risk of getting their ATM PIN hacked? The researchers say yes.

“The proliferation of wearable devices, e.g., smartwatches and activity trackers, with embedded sensors has already shown its great potential on monitoring and inferring human daily activities,” said the researchers. “This paper reveals a serious security breach of wearable devices in the context of divulging secret information (i.e., key entries) while people accessing key-based security systems.”

In order for hackers to steal an ATM PIN from a wearable device, they have to download the sensor data from the devices, which the researchers found is easy to do by using a wireless sniffer that captures data being sent between the wearable device and the smartphone it connects with via Bluetooth. Another option for hackers is installing malware on the phone or wearable device and having it sent to them. Once the bad guys have the data, they are able to analyze the movement of the persons’ hands as they use a wearable device, and the speed at which they do it. And whether the hacker uses sniffer technology or malware, wearable device users could get their ATM PIN hacked and their bank account wiped out before they know it.

It may sound like an arduous task for hackers, but it turns out it wasn’t that difficult, at least not according to the researchers. Out of the 5,000 instances the researchers tracked, they were able to figure out a wearable device user’s PIN 80 percent of the time at the first go around. That increased to more than 90 percent when the researchers tried three times.

And when it comes to payments security, those percentages are ones that few would like to take a gamble with.


Latest Insights: 

Facebook is a giant in the ad game, with 2.3 billion active monthly users and $16.6 billion in quarterly advertising revenue. However, its omnipresence makes it a honeypot for fraudsters. In this month’s Digital Fraud Report, PYMNTS talks with Rob Leathern, Facebook’s director of product management, on how the site deploys automated systems and thorough advertiser vetting to close the lid on fraudster attempts.

Click to comment


To Top