[ad_1]
A new study shows that smartwatches can become spy tools for their owners by collecting silent accelerometer and gyroscopic signals that, after badysis, can be converted into unique data sets for their owners. smartwatch owner
These datasets, if they are misused, allow the user to track user activities, including the introduction of sensitive information .
Here are the new results of badysis of Kaspersky Lab (19459003) In recent years, the digital security industry has shown that the privacy of the The user they become a valuable product because of the virtually unlimited criminal uses that they may have: From a sophisticated digital profile of the victims of digital criminals to market forecasts for user behavior
While the "paranoia" of users about the misuse of their personal information is growing, others – less obvious – the sources of threat remain unprotected. For example, many use fitness trackers to track exercise and sports.
"Smart" handheld devices, including smartwatches and fitness trackers, are widely used in sports activities, monitor our health and receive push notifications, etc. Most of these devices are equipped with integrated acceleration sensors (accelerometers), often badociated with gyro sensors to measure steps and determine the position of the current user
Kaspersky. Lab decided to look at what user information these sensors could provide to unauthorized third parties and looked more closely at different smartwatches from different vendors.
To solve this problem, the experts developed a relatively simple smartwatch application that recorded signals from built-in accelerometers and gyroscopes. Then the recorded data was stored either in the memory of the mobile device or downloaded to the Bluetooth mobile phone.
Using mathematical algorithms available in the portable computing power, it was possible to determine patterns of behavior, periods, and where users were moving and how long they did. The most important was to identify the sensitive user activities, including entering an access phrase to the computer (up to 96% accuracy), enter PIN code at the ATM machine (about 87% and unlocking the cell phone (about 64%).
The signal data set itself is a proprietary behavior pattern By using this, a third party can go further and try to identify a user – either through an email requested at the application registration stage. either through an activated access to the Android account login information
.This is only a matter of time to define the victim's detailed information, including daily routines and times when important data are captured.And considering the rising prices for user data pri We could quickly find ourselves in a world where third parties generate revenue.
But even if this exploit is not exploited, and used by digital criminals only on their own. For malicious purposes, the possible consequences are limited only by their imagination and the level of their technical knowledge. For example, they could decipher incoming signals using neural networks, conceal victims, or install skimmers in their favorite ATMs.
We have already seen how criminals can achieve 80% accuracy when they do not. they are trying to decipher signals from an accelerometer. to identify the pbadword or PIN using only the data collected by the smartwatch sensors.
"The Smart Wearable is not just a miniature gadget, it's a digital-physical system that can record, store and process physical parameters.Our research shows that even very simple algorithms running on the smartwatch itself are able to record the unique user profile of the accelerometer and gyroscopic signal
These profiles can then be used to remove the user anonymity and monitor its activities, including the introduction of sensitive information.And this can be done through legitimate smartwatch applications that send secret data to third parties, " Sergey Lurye lover of security and co-author of the research of Kaspersky Lab
] Kaspersky Lab advises users to pay attention to the following particularities when they wear "Intelligent" reels:
- If the app sends a request to retrieve user account information, this should worry you as criminals could easily create a "digital failure" closure "of their owner
- If l & rsquo; Application also requires permission to send geospatial data, so you should worry. Do not give fitness trackers to download additional rights on your smartwatch or set your business email as login
- The fast battery consumption of your device can also be a cause for concern. If the battery of your gadget ends in a few hours instead of a day, you should check what it really does. It may contain newspapers or, worse, send them elsewhere.
Source link
