It seems that each producer’s own SmartWatch. The small computer can monitor all kinds of things (about the heartbeat), connecting telephone calls and even show the time (wow). But did you know that they can also be misused to track what you type it?
Wearables as fitness bands and smartwatches since its introduction already provide for security concerns. This is mainly due to all the data they collect and transmit to the cloud, and falling into the wrong hands or can be sold to the highest bidder.
The manufacturer of fitness bands try to convince users that their data is safe , but at the same time they sell Smart bands en masse to corporate customers . So companies can use these wearables for example, to monitor the health of their employees – and so private data should not be treated. But that’s not even the biggest problem of fitness bands and smartwatches.
When Kaspersky expert Roman Unuchek found out that it is very easy to connect a smartphone with pretty much any fitness bench that is already connected to another device, he first came to the following positive conclusion:
“By hacking the bracelet, I own, an attacker can not access any user’s data, as these are not stored on the tape or the phone. The official app copies the information regularly to the cloud.”
However, later showed Tony Beltramelli, a student at the IT University in Copenhagen that an attacker does not need this data in order to harm the owner of the wearable device . In his thesis, he describes that a hacker, and has attained access to a watch, follow the gestures of the owner and it can track the input characters on a numeric keypad.
It is based on the fact that each user has his own way to tap. This fact should actually serve to improve safety: In order to get access to a device or data, it is not enough to type in a password, but it must also be keyed to a specific way-with the pattern of keystrokes that the user is used.
In his experiment used Beltramelli an Android Wear-based Sony SmartWatch 3, a numeric keypad and self-made a program with artificial intelligence capabilities. Its software knew his own unique typing patterns and could see the numbers entered by him on the data of the motion sensors of the SmartWatch-with about 60 percent accuracy.
Ok, so it can abuse someone a hacked SmartWatch to find out what is entered on a keyboard.What the hell?
Because with the numeric keypad, it can be a PIN keypad at an ATM or card reader in a store, and already knows the hacker the PIN code of your credit card. Or is at the keyboard to the lock screen of your phone-as soon as the attacker gets your phone in your fingers, it comes easily to all stored thereon information, inclusive of your contacts, messages, bank account details and so on.And all because he knows your PIN.
And if anyone can program a software that registers the entered numbers, he or she can probably expand so that they recognize the letters on a normal keyboard. When that happens, a hacker can record everything you type anywhere. Where you also have only a SmartWatch, and thus only the inputs of a hand can be recorded. But about half of the entered characters can be enough to understand what you have typed.
So far there is no evidence that such threats are already “in the wild” to be found, but you can believe us that this will be over soon, if they prove to be practicable. In this case there is only one way to protect yourself: You have to make sure that no malicious programs on the Android wearables are installed.
There are two other measures which can improve the strength of wearables:
- Only download apps from the official stores like Apple App Store, Google Play or Amazon Appstore.While apps from these stores are not a hundred percent sure, but were checked at least by shop staff, also the shops have a filter system for malicious apps. This does not come any app in the Store.
- Use a reliable security solution.Since all the apps that come on your watch, be first downloaded to your phone, they can be automatically checked for pests, when Kaspersky Internet Security for Android Premium is installed.