Smartwatches can be exploited to obtain passwords

Data collected by smartwatches can allow hackers to obtain sensitive information like passwords and PINs, according to new research.

A study carried out by Kaspersky Lab found that the devices can be tools for spying on their owners, collecting silent accelerometer and gyroscope signals that could be turned into datasets unique to the smartwatch owner.

Kaspersky researchers examined what user information smartwatch sensors could provide to unauthorised third parties and assessed several wearable devices from various vendors.

Using mathematical algorithms on the device, it was possible to identify sensitive user activities, including entering a passphrase on the computer (with accuracy of up to 96 per cent), entering a PIN code at the ATM (around 87 per cent) and unlocking a mobile phone (roughly 64 per cent).

Cyber criminals could also choose to exploit the weakness to ambush victims or install skimmers at cash machines.

Sergey Lurye, a security expert from Kaspersky Lab, said the research shows that even very simple algorithms, being run on the smartwatch itself, are able to capture the unique user’s profile of accelerometer and gyroscope signals.