The Department of Computer Science Presents the Department Seminar Series
Friend or Foe? Your Wearable Devices Reveal Your Personal PIN
Friday, February 3rd at noon
Location: R15 (3rd Floor), Engineering Building
Abstract: The proliferation of wearable devices with embedded sensors, e.g., smartwatches and activity trackers, has already shown great potential for monitoring and inferring daily human activities. This paper reveals a serious security breach of wearable devices in the context of divulging secret information (i.e., key entries) while people access key-based security systems. Existing methods of obtaining such secret information rely on installing dedicated hardware (e.g., a video camera or fake keypad) or on training with labeled data from body sensors, which restricts their use in practical adversary scenarios. In this work, we show that a wearable device can be exploited to discriminate mm-level distances and directions of the user’s fine-grained hand movements, which enables attackers to reproduce the trajectories of the user’s hand and, further, to recover the secret key entries. In particular, our system confirms the possibility of using embedded sensors in wearable devices, i.e., accelerometers, gyroscopes, and magnetometers, to derive the moving distance of the user’s hand between consecutive key entries regardless of the pose of the hand. Our Backward PIN-Sequence Inference algorithm exploits the inherent physical constraints between key entries to infer the complete user key entry sequence. Extensive experiments are conducted with over 7000 key entry traces collected from 20 adults for key-based security systems (i.e., ATM keypads and regular keyboards) through testing on different kinds of wearables. Results demonstrate that such a technique can achieve 80% accuracy with only one try and more than 90% accuracy with three tries.
Bio: Yan Wang has been an Assistant Professor in the Department of Computer Science at SUNY, Binghamton University since August 2015. His research interests include mobile and pervasive computing, cybersecurity and privacy, and smart healthcare. His work has been published in many top conferences, including ACM MobiCom, ACM MobiHoc, ACM MobiSys, IEEE InfoCom, ACM CCS, IEEE CNS, etc., and in peer-reviewed journal articles. Prior to joining Binghamton University, he was advised by Prof. Yingying Chen in the Department of Electrical and Computer Engineering at Stevens Institute of Technology.