Revealed: How Smart Watches and Fitness Bands Can Leak Your ATM Password

ID MYHACK58:62201676698
Type myhack58
Reporter Anonymous
Modified 2016-07-08T00:00:00


I would like to start this article with a simple question: is your dominant hand your left or your right? It is an easy question, and answering it costs you nothing. The next one may be different: do you wear a smart watch or fitness band on your dominant hand? If you do, you may want to reconsider whether that is wise. A group of scientists from Binghamton University recently studied this type of device, and once you have read about their research you may have your answer.

According to a report by the US site Science Daily, security researchers from Binghamton University and the Stevens Institute of Technology have been studying vulnerabilities in the sensors of wearable devices. They found that an attacker can exploit weaknesses in a wearable's sensors to crack our private PIN codes and passwords. The researchers open their paper with the statement that your wearable device will leak your personal PIN. The paper also describes in detail the sensors embedded in wearable fitness trackers, and how an attacker can extract valuable information from the target user's minute movements and then, with the help of a computer algorithm, crack the PIN or security password the user entered.

The security researchers say: “In the course of this research, we found that an attacker can use a wearable device to identify the movements of the target user's dominant hand, with the distance and direction of movement resolved down to the millimeter level. This means the attacker can reproduce the movement trajectory of the user's wearing hand in a computer simulation and go on to recover the password the user entered. It is worth mentioning that our system has now confirmed that an attacker may be able to extract the movement trajectory of the user's wearing hand from the sensors embedded in a wearable, such as accelerometers, gyroscopes, and magnetometers. The attacker can extract the trajectory of the user's wearing hand and derive the entered password from the user's gestures. Our backward PIN-sequence inference algorithm can use the inherent physical constraints (distances) between keys to work out the complete password sequence the user entered.”

Yan Wang, an assistant professor at Binghamton University's School of Computer Science, is one of the participants in the research. According to him, the researchers cracked the password with an accuracy of up to 80 percent on the first attempt. In the three subsequent attempts, the accuracy was more than 90 percent each time. If the algorithm is improved further, the data recording range is increased, and more keyboard types are added, they can obtain more data from the wearable device. As a result, the accuracy of the cracked password can be increased by at least 19 percent. Although this attack currently remains at the theoretical research stage, research into the data security of wearable devices appears to have become an immediate imperative.

He said: “As far as we currently know, no such technique exists. Our new technique can recover the target user's personal PIN from a wearable device without needing labeled user behavior data.”

It sounds hard to believe, but how could an attacker use such a sophisticated attack in real life?
One feasible method is to infect the user's wearable device with malware. The malware poses as a security tool, collects the user's wrist motion data in the background, and sends it to the attacker for further analysis.

Wang also described another scenario. In everyday life, a wearable device can come close to an ATM keypad or to some other security system based on a physical keypad. This means an attacker can use the wearable device to capture the user's password entry and send that information back to the connected smartphone, usually over Bluetooth. This particular attack depends on data synchronization between the smartphone and the sensor device: when the user enters a password on the machine, the device can transmit the user's gestures to the connected smartphone in real time.

A number of earlier studies have shown that many fitness trackers have design flaws and do not effectively protect user data. This means an attacker can exploit those design flaws to attack users, and this situation is not uncommon.

As you may have gathered, the security experts say this attack is unlikely to be widely used in the short term. Even so, the study is very interesting and very imaginative. In addition, some intelligence agencies and law enforcement authorities are likely to use this attack against targets they are interested in, so this research can, to some extent, improve users' security. Personally, I won't lose sleep over it. Even so, I will still enter my passwords with my right hand, but I will wear my fitness tracker on my left.
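
The researchers' point that the physical distances between keys constrain the PIN can be quantified. The following is an added example, not code from the researchers or from the original article; it assumes a standard 4x3 ATM keypad layout and exactly known key-to-key movements, and counts how many PINs remain possible when only the relative movements are known.

```python
from collections import defaultdict
from itertools import product

# Assumed layout: standard 4x3 ATM keypad as (column, row) grid positions.
KEYPAD = {"1": (0, 0), "2": (1, 0), "3": (2, 0),
          "4": (0, 1), "5": (1, 1), "6": (2, 1),
          "7": (0, 2), "8": (1, 2), "9": (2, 2),
          "0": (1, 3)}
POS_TO_KEY = {pos: key for key, pos in KEYPAD.items()}


def displacements(pin):
    """Key-to-key movement vectors, i.e. what a hand trajectory exposes."""
    pts = [KEYPAD[d] for d in pin]
    return tuple((b[0] - a[0], b[1] - a[1]) for a, b in zip(pts, pts[1:]))


def candidates(moves):
    """All PINs whose key-to-key movements equal `moves`."""
    found = []
    for start, (x, y) in KEYPAD.items():
        pin = start
        for dx, dy in moves:
            x, y = x + dx, y + dy
            key = POS_TO_KEY.get((x, y))
            if key is None:  # this starting key would leave the keypad
                break
            pin += key
        else:
            found.append(pin)
    return sorted(found)


def leakage_summary(length=4):
    """Group every PIN of `length` digits by its movement pattern."""
    groups = defaultdict(int)
    for digits in product(KEYPAD, repeat=length):
        groups[displacements("".join(digits))] += 1
    return {"pins": sum(groups.values()),
            "patterns": len(groups),
            "uniquely_identified": sum(1 for n in groups.values() if n == 1),
            "largest_group": max(groups.values())}


if __name__ == "__main__":
    print(candidates(displacements("1590")))
    print(candidates(displacements("1245")))
    print(leakage_summary())
```

A PIN such as 1590 spans the whole keypad and is fully determined by its movements, while 1245 shares its pattern with three other PINs; the summary shows how the 10,000 four-digit PINs split between those cases.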