While smartwatches are still a bit of a niche market, it’s safe to call them fairly popular at this point. With that being the case, most users are aware that the average smartwatch contains a bevy of sensors that can pick up movement, mostly for fitness tracking purposes. Modern smartwatches are packed with gyrometers, accelerometers and compasses, among other things. In most cases, this tech’s uses are far from terribly precise. The hardware, however, could pick up much more subtle movements than it’s currently programmed to. Researchers with Binghamton University and the Stevens Institute of Technology were able to measure tiny movements, down to a few millimeters, using study participants’ smartwatches. They were able to, in most cases, precisely reproduce input from the user such as inputting a bank PIN number.
The team of researchers started by creating an algorithm that measured direction and distance of movements. The measurements, extrapolated from simple smartwatch sensor data, was then run through the algorithm to reproduce the movements that had created the measurements. Data was collected over 11 months from 20 participants, all using different wearables during the testing period. From the data collected and processed, researchers were able to achieve a success rate of 80% at first, and 90% on third tries. This was in a 5,000 attempt testing cycle. While this means that a potential PIN thief would have to monitor your data for a very long period, then use a complicated algorithm through dozens of passes, the threat is still there, especially if the method is somehow refined.
The researches did not reveal exactly how their algorithm worked, to avoid it being misused. Likewise, they did not propose any kind of exact solution for how to throw data thieves off the trail of the precise movements, instead suggesting that smartwatch and fitness tracker manufacturers inject some sort of “garbage data” in trace amounts to throw off the precision with which movements could be reproduced with this method. The research goes to demonstrate the unexpected ways that the fine data collected by the devices we use every day can be utilized, and serves as a bit of a cautionary tale.