Smartwatches vulnerable to hacking: Indian-origin researcher
New York: Planning to buy a smartwatch? Beware as you are at an increased risk of losing your privacy as like other computer devices, smartwatches are also vulnerable to hackers, says an Indian-origin researcher.
Using a homegrown app on a Samsung “Gear Live” smartwatch, associate professor Romit Roy Choudhury from University of Illinois at Urbana-Champaign was able to guess what a user was typing through data “leaks” produced by the motion sensors on smartwatches.
“Sensor data from wearable devices will clearly be a double-edged sword.
“While the device’s contact to the human body will offer invaluable insights into human health and context, it will also make way for deeper violation into human privacy,” Choudhury said.
His project called Motion Leaks through Smartwatch Sensors (MoLe) has privacy implications.
An app that is camouflaged as a pedometer, for example, could gather data from emails, search queries and other confidential documents.
“The core challenge is in characterising what can or cannot be
inferred from sensor data and the MoLe project is one example along this direction,” he added.
While a Samsung watch was used in this project, the researchers believe that any wearable device that uses motion sensors – from Apple Watch to Fitbit – could be vulnerable as well.
The app uses an accelerometer and gyroscope to track the micro-motion of keystrokes as a wearer types on a keyboard.
While Illinois researchers developed MoLe, it is conceivable that hackers could build a similar app and deploy it to iTunes and other libraries.
“There are a lot of good things that smart watches can bring to our lives, but there could be bad things,” noted He Wang, PhD student in electrical and computer engineering at Illinois.
A possible solution to these motion leaks would be to lower the sample
rate of the sensors in the watch.
For instance, the sample rate is normally around 200 Hertz, meaning the system logs 200 accelerometer and gyroscope readings per second.
“However, if that number is lowered to below 15, the users’ wrist movements become extremely difficult to track,” the authors explained.
The work, funded by the US National Science Foundation, will be presented at the MobiCom 2015 conference in Paris this week.