Friday, Oct 02, 2020 | Last Update : 02:06 AM IST

192nd Day Of Lockdown

Maharashtra1400922110442637056 Andhra Pradesh7002356365085869 Karnataka6118374924128994 Tamil Nadu6032905463359586 Uttar Pradesh4031013468595864 Delhi2827522506135401 West Bengal2603242287555017 Odisha222734190080912 Kerala204242131048772 Telangana1936001634071135 Bihar178882164537888 Assam169985139977655 Gujarat1332191132403417 Rajasthan1288591077181441 Haryana1237821059901307 Madhya Pradesh117588932382207 Punjab107096840253134 Chhatisgarh9856566860777 Jharkhand7770964515661 Jammu and Kashmir69832495571105 Uttarakhand4533233642555 Goa3107125071386 Puducherry2548919781494 Tripura2412717464262 Himachal Pradesh136799526152 Chandigarh112128677145 Manipur9791760263 Arunachal Pradesh8649623014 Nagaland5768469311 Meghalaya5158334343 Sikkim2707199431 Mizoram178612880
  Technology   In Other news  08 Jun 2018  Kaspersky reveals how your smartwatch spies on you

Kaspersky reveals how your smartwatch spies on you

THE ASIAN AGE
Published : Jun 8, 2018, 6:01 pm IST
Updated : Jun 8, 2018, 6:09 pm IST

Research shows that smartwatches can become tools for spying on their owners, by collecting silent accelerometer and gyroscope signals.

Smart wearable devices, including smartwatches and fitness trackers, are commonly used in sporting activities, to monitor our health and receive push notifications etc. (Photo: Pixabay)
 Smart wearable devices, including smartwatches and fitness trackers, are commonly used in sporting activities, to monitor our health and receive push notifications etc. (Photo: Pixabay)

New research shows that smartwatches can become tools for spying on their owners, by collecting silent accelerometer and gyroscope signals that — after analysis — could be turned into datasets unique to the smartwatch owner. These datasets, if misused, allow the user’s activities to be monitored, including the entering of sensitive information. These are the findings of new Kaspersky Lab analysis into the impact that the proliferation of IoT can have on the daily lives of users and their information security.

In recent years, the cybersecurity industry has shown that private user data is becoming a very valuable commodity, due to almost limitless criminal uses — from sophisticated digital profiling of cybercriminals’ victims to market predictions on user behaviour. But while consumer paranoia over personal information misuse is growing, with many turning their attention to online platforms and data collection methods, other — less obvious — threat sources remain unprotected. For instance, to help maintain a healthy lifestyle, many of us use fitness trackers to monitor exercise and sports activities. But this could have dangerous consequences.

 

Smart wearable devices, including smartwatches and fitness trackers, are commonly used in sporting activities, to monitor our health and receive push notifications etc. To carry out their main functions, most of these devices are equipped with built-in acceleration sensors (accelerometers), which are often combined with rotation sensors (gyroscopes) for step counting and identifying the user’s current position. Kaspersky Lab experts have examined what user information these sensors could provide to unauthorised third parties, and took a closer look at several smartwatches from a number of vendors.

To examine the issue, experts developed a fairly simple smartwatch application that recorded signals from built-in accelerometers and gyroscopes. The recorded data was then saved either into the wearable device’s memory or uploaded to the Bluetooth-paired mobile phone.

 

Using mathematical algorithms available to the smart wearable’s computing power, it was possible to identify behavioural patterns, periods of time when and where users were moving, and how long they were doing it. Most importantly, it was possible to identify sensitive user activities, including entering a pass-phrase on the computer (with an accuracy of up to 96 per cent), entering a PIN code at the ATM (approximately 87 per cent) and unlocking the mobile phone (approximately 64 per cent).

The signal dataset itself is a behavioural pattern unique to the device owner. Using this, a third party could go further and try to identify a user’s identity — either through an email address that was requested at registration stage in the app or via turned on access to Android account credentials. After that, it is just a matter of time until a victim’s detailed information is identified, including their daily routines and moments when they are entering important data. And given the growing price for users’ private data, we could fast find ourselves in a world where third parties monetise this vector.

 

But even if this exploit is not capitalised on, but used instead by cybercriminals for their own malicious purposes, the possible consequences are limited only by their imagination and level of technical knowledge. For instance, they could decrypt the received signals using neural networks, waylay victims, or install skimmers at their favourite ATMs. We have already seen how criminals can achieve 80 per cent accuracy when trying to decrypt accelerometer signals and identify the password or PIN using only the data collected from smartwatch sensors. Therefore, users are advised to pay attention to the following peculiarities when wearing smart devices:

 

If the application sends a request to retrieve user account information, this is a cause for concern — because criminals could easily build a “digital fingerprint” of its owner.

If the application also requests permission to send geolocation data, then you should worry. Do not give fitness trackers that you download on your smartwatch, extra permissions or set your corporate e-mail address as the login.

Fast battery consumption of the device can also be a serious cause for concern. If your gadget runs dry within just a few hours instead of a day, you should check what it’s actually doing. It might be writing signal logs, or worse, sending them elsewhere.

 

Tags: kaspersky, cybersecurity, smartwatch