Smartwatches Can be Used to Record Credit Card and ATM PIN Codes

Today's world is intrigued by the latest and greatest gadgets. At times, it seems that certain companies introduce a new product that everyone salivates over until they finally get one in their hands. The introduction of smartwatches has garnered the attention of many but has also gained the attention of hackers who reportedly using them to spy on credit card PIN codes, ultimately extracting sensitive information.

In an astonishing discovery, French student and software engineer, Tony Beltramelli, published information that presents an attack method that allows hackers to obtain credit card and PIN access codes from motion sensors from wearable devices like smartwatches. Beltramelli's published information came out of his master thesis called, "Deep-Spying: Spying using Smartwatch and Deep Learning."

Through Beltramelli's research, attacks initiated by cybercrooks using smartwatches is focused on the surface of 12-key keypads, which are used on ATMs and the touch display of smartphones when using a PIN lock code.

The old connotation of breaking or guessing a credit card or ATM PIN code has found a new face and it looks like the screen of a smartwatch and your smartphone. With that in mind, Beltramelli created a smartwatch application for a Sony SmartWatch 3, which recorded gyroscope and accelerometer sensor data. Taking the recorded data, the patterns of movement data of the smartwatch can be used to pinpoint where a user places his/her fingers on a phone touchscreen or ATM pin pad to decipher which numbers were used. There you have it, a method to record and steal one's PIN code that they enter on an ATM or smartphone while they are wearing smartwatch that is essentially hacked.

While the algorithm and idea of recording PIN codes from a smartwatch seem feasible in a perfect world when Beltramelli's theory and methodology works flawlessly, there is an issue of accuracy. Beltramelli explained to clear the air on his justifiable PIN code theft idea using a smartwatch, that there is a maximum accuracy of 73% using his touchlogging method. However, compared to a maximum accuracy of only 53% with keylogging methods, his "idea" may prove to be more dependable than traditional keylogging approaches.

Beltramelli has explained that his system can infer keystrokes with an accuracy of 19% when other underlying datasets were previously recorded. He also said, "This result suggests that an attacker could log keys from a broad range of devices even if its classifier is trained with measurements from a different compromised device."

To summarize the idea of Beltramelli's clever scheme of recording PIN numbers entered on a 12-key pad to get someone's PIN number for a credit card or ATM, the complete idea is theoretical. However, it resides on the premise of being 100% palpable in the hands of those willing to go the extra mile to make it all work. While we don't have anyone actively using Beltramelli's PIN theft method using a smartwatch yet, hackers and cybercrooks are taking notice.

The video below is a clear-cut synopsis of Beltramelli's "Deep-Spying" PIN theft idea using smartwatches.