Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Smartwatch Sensors Can Eavesdrop on Your Typing

September 17, 2015

Naked Security has reported that researchers have shown that a smartwatch's motion sensors can be used to detect what keys you're pressing with whatever hand the watch is on and thus guess at the words you're typing. Their findings suggest that it's possible for cybercriminals to come up with an app that camouflages itself – for example, as a pedometer – and use it to track what someone types.

The research focused on a Samsung watch, but the researchers say it's possible that anyone could write a similar app for any wearable device that uses motion sensors and place it in app stores – thus potentially making other devices, such as Apple Watch and Fitbit, vulnerable to a similar attack.

The Motion Leaks (MoLe) project included creating an app for a Samsung Gear Live smartwatch that uses an accelerometer and gyroscope to track the micro-motion of keystrokes as a wearer types on a keyboard. After their app collected that sensor data, the researchers ran it through a “Keystroke Detection” module that analyzed the timing of each keystroke and the displacement of the watch as the wearer moved his or her wrist to reach for keys that are nearer or farther away.

You can see how it works in the researchers' video.

The attack works by applying Bayesian inference, a method of statistical inference used in many applications, including engineering, to the number of key presses made by the wearer's left hand, the location of those presses, and the timing of key presses.

The distance between the character "F" and "T" may seem slight, but the researchers showed that the micro-time lapse of reaching that far is enough – when combined with data about key-press spacing on a two-dimensional plane – to differentiate which keys are pressed.

Don't throw away that smartwatch yet – the team's system can’t detect special characters such as numbers, punctuation, and symbols that might appear in passwords. It can't deal with a spacebar press either.

So far, the team can't detect what the other, watchless hand is doing, but it can use timing to determine that the other hand may have struck keys.

Clearly, the research is in its infancy, but nonetheless, it is indicative of how much data leakage will happen without our knowledge.

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com
http://twitter.com/sharonnelsonesq
www.linkedin.com/in/sharondnelson