Chances are, you aren’t keeping any sensitive information on a smartwatch that you’re afraid of getting out. However, what’s on the smartwatch isn’t what the hackers are after; they’re actually after your hand movements. Even on its own, that sounds like a scary thought, but what they can do with those movements is even scarier.
How Can Hackers Track Where Your Hands Are, and Why Would They Want to?
Smartwatches today are full of sensors that accurately pinpoint where your hand is positioned, and where you move it. That’s one of the types of data that the watch collects, and if the watch collects it, so can opportunistic hackers. Once your smartwatch has been infected, the sensors inside of your smartwatch betray all of your movements to the last person you’d want to know about them. This is a pretty scary thought on its own, but what exactly can they do with all this data? Well unfortunately for smartwatch users, they can use this data to guess your PINs and passwords with almost 80% accuracy. Several computer scientists from the Stevens Institute of Technology and Binghamton University have put together a paper detailing how password theft of this nature is possible. It’s an inherent flaw with smartwatch design, and currently, there isn’t a good way to stop it from happening when your device is already infected. Currently, this type of hacking has not been capitalized on except for research purposes. However, before it can, users need to find a way to protect their sensitive information from being stolen before they know it.
How Do You Make Sure Your Smartwatch is Secure?
In most cases, your smartwatch depends on your smartphone, which means that as long as your phone is secure, so is your watch. This means a hacker would need to crack your phone in order to get to your watch, which is two security barriers that most likely won’t be broken. However, if your smartwatch is its own independent device, it becomes subject to more risk than before. Thankfully, as we mentioned above, this specific type of smartwatch hack hasn’t been capitalized on yet. We only say yet, because it’s only a matter of time before a security flaw is taken advantage of, leaving the user to pay the price. So if a hacker does manage to capitalize on a hack like this, what can you do to prevent your sensitive information from getting out? Currently, you only have two options.
Method 1: Keep Your Connected Smartphone Updated and Secure
When it comes to your smart wearable, your first line of defense is your Android phone. If your smartphone is secure, then a hacker is out of luck reaching your smartwatch, so you’ll have little to worry about. Keep in mind, this only applies if your smartwatch is not intended to run separately from your smartphone. In cases like that, you’ll need to resort to different measures.
Step 1:
First things first, keep your phone updated to make sure your security measures are still working like they should. If there’s a security flaw in your phone, this makes the flaws in your smartwatch’s security even wider.
Step 2:
To stay secure, please practice safe browsing and downloading. This goes for your smartphone, and your smartwatch. Stay safe out there, because you never know what malicious program could be lying in wait to steal your information.
Step 3:
Don’t underestimate what a good antivirus can do for you in terms of security. If you value your sensitive information’s privacy, it’s a great idea to find an antivirus program that suits your needs. All three of the security measures I’ve mentioned will help minimize the chances of your smartwatch being hacked, but there’s one method that’s foolproof, if not primitive.
Method 2: Make Your Sensory Data Worthless to Hackers
Let’s say your smartwatch has been hacked, and all of your movement data that’s been recorded is sent to the hacker. Using that data, they can essentially guess at your password or PIN based on where your fingers move, your hands orientation, and other factors. If all of this works as planned, they have an 80% chance at guessing your information correctly. That’s all assuming that you either entered your PIN or password with the hand that has your smartwatch below it, or never faltered while typing or keying in your information. This means that each deviation from your normal password or PIN entry creates confusing sensory data that is much harder to analyze. This means there are two ways to make this data worthless to a hacker.
Step 1:
While entering a PIN or password with your smartwatch on, don’t immediately just hit all of the keys required. Move your fingers around the keypad differently, press in on other areas, intentionally break your key hitting rhythm, or slide your fingers around instead of lifting them to go to another key. There are multiple ways to make your sensory data confusing to read, but there’s one other option that makes the data entirely useless, or doesn’t create any data at all.
Step 2:
This is probably the easiest way to solve this problem, even if it a simple sounding solution. When putting in a PIN or password, don’t use the hand that has your smartwatch attached, or take it off temporarily. If you don’t create the data where your hand moves around the keys in the first place, no one can read it to use it for their own purposes; it’s as easy as that.
Conclusion
While this security flaw with smartwatches hasn’t been fully taken advantage of yet, it’s a scary thought that it actually might. With smartwatches growing in popularity, users will need to take extra care to keep their sensitive information safe, or face consequences they never had a chance to see coming. Featured Image Credit
