New research from Kaspersky Lab has revealed that smartwatches can become tools for spying on their owners, by collecting silent accelerometer and gyroscope signals that could be turned into datasets unique to the smartwatch owner.

Woburn, MA – May 29, 2018 — /BackupReview.info/ — New research from Kaspersky Lab has revealed that smartwatches can become tools for spying on their owners, by collecting silent accelerometer and gyroscope signals that – after analysis – could be turned into datasets unique to the smartwatch owner. These datasets, if misused, could allow the user’s activities to be monitored, including the entering of sensitive information like passwords and PINs. These are the findings of new Kaspersky Lab analysis into the impact that the proliferation of IoT can have on the daily lives and the information security of consumers.

In recent years, the cybersecurity industry has shown that private user data is becoming a very valuable commodity, due to almost limitless criminal uses – from sophisticated digital profiling of cybercriminals’ victims, to market predictions on user behavior. But while consumer paranoia over personal information misuse is growing, with many turning their attention to online platforms and data collection methods, other less obvious threat sources remain unprotected.

Smart wearable devices, including smartwatches and fitness trackers, are commonly used to help maintain a healthy lifestyle, monitor exercise and more. To carry out their main functions, most of these devices are equipped with built-in acceleration sensors (accelerometers), which are often combined with rotation sensors (gyroscopes) for step counting and identifying the user’s current position. Kaspersky Lab researchers examined what user information these sensors could provide to unauthorized third parties, and took a closer look at several smartwatches from a number of vendors.

To examine the issue, the researchers developed a fairly simple smartwatch application that recorded signals from built-in accelerometers and gyroscopes. The recorded data was then saved either into the wearable device’s memory or uploaded to the Bluetooth-paired mobile phone.

Using mathematical algorithms that the smart wearable's own computing power could handle, it was possible to identify behavioral patterns, where users were moving and how long they were in motion. Additionally, it was possible to identify sensitive user activities, including entering a passphrase on the computer (with accuracy of up to 96%), entering a PIN code at the ATM (approximately 87%) and unlocking the mobile phone (approximately 64%).

The signal dataset itself is a behavioral pattern unique to the device owner. Using this, a third party could go further and try to capture a user’s identity – either through an email address that was requested during the app’s registration, or through access to Android account credentials. After that, it is just a matter of time until a victim’s detailed information is uncovered, including their daily routines and moments when they are entering important data. Given the growing price for users’ private data, third parties could eventually monetize this threat.

But even if cybercriminals do not capitalize on this exploit and instead use it for their own malicious purposes, the possible consequences are limited only by their imagination and level of technical knowledge. For instance, a cybercriminal could decrypt the received signals using neural networks, ambush victims, or install skimmers at their favorite ATMs. It has already been revealed that criminals can achieve 80% accuracy when trying to decrypt accelerometer signals and identify a user’s password or PIN using only the data collected from smartwatch sensors.

“Smart wearables are not just miniature gadgets, they are cyber-physical systems that can record, store and process physical parameters,” said Sergey Lurye, a security expert from Kaspersky Lab and co-author of the research. “Our research shows that even very simple algorithms, being run on the smartwatch itself, are able to capture the unique user’s profile of accelerometer and gyroscope signals. These profiles can then be used to deanonymize the user and track his or her activities, including the moments when entering sensitive information. And this can be done via legitimate smartwatch apps that covertly send signal data to third parties.”

When wearing smart devices, Kaspersky Lab researchers advise users to pay attention to the following peculiarities to avoid these threats:

  • If the application sends a request to retrieve user account information, this is a cause for concern, as criminals could easily build a “digital fingerprint” of its owner.
  • If the application also requests permission to send geolocation data, that is a red flag. Do not give fitness trackers that you download on your smartwatch extra permissions other than what was required at setup, and never use your corporate e-mail address for the account.
  • Fast battery consumption of the device can also be a serious cause for concern. If your gadget runs dry within just a few hours instead of a day, you should check what it’s actually doing. It might be writing signal logs, or worse, sending them elsewhere.

To learn more about surveillance via smart wearable devices, read our blog post on Securelist.com.

About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company operating in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com

Media Contact
Meghan Rimol
781.503.2671
meghan.rimol@kaspersky.com

Source: Kaspersky Lab 

 

 
