Friend or Foe? Your Wearable Devices Reveal Your Personal PIN

For NYU Community

Speaker:Yingying (Jennifer) Chen, Stevens Institute of Technology

The proliferation of wearable devices, e.g., smartwatches and activity trackers, with embedded sensors has already shown its great potential on monitoring and inferring human daily activities. Our work reveals a serious security breach of wearable devices in the context of divulging secret information (i.e., key entries) while people accessing key-based security systems. Existing methods of obtaining such secret information relies on installations of dedicated hardware (e.g., video camera or fake keypad), or training with labeled data from body sensors, which restrict use cases in practical adversary scenarios. In this work, we show that a wearable device can be exploited to discriminate mm-level distances and directions of the user’s fine-grained hand movements, which enable attackers to reproduce the trajectories of the user’s hand and further to recover the secret key entries. In particular, our system confirms the possibility of using embedded sensors in wearable devices, i.e., accelerometers, gyroscopes, and magnetometers, to derive the moving distance of the user’s hand between consecutive key entries regardless of the pose of the hand. Our Backward PIN-Sequence Inference algorithm exploits the inherent physical constraints between key entries to infer the complete user key entry sequence. Extensive experiments are conducted with over 5000 key entry traces collected from 20 participants for key-based security systems (i.e. ATM keypads and regular keyboards) through testing on different kinds of wearables. Results demonstrate that such a technique can achieve 80% accuracy with only one try and more than 90% accuracy with three tries, which to our knowledge, is the first technique that reveals personal PINs leveraging wearable devices without the need for labeled training data and contextual information.

About the Speaker: Yingying (Jennifer) Chen is a Professor in the Department of Electrical and Computer Engineering at Stevens Institute of Technology. Her research interests include cyber security and privacy, Internet of Things, smart healthcare and mobile computing and sensing. She has published over 100 journals and referred conference papers in these areas. She received her Ph.D. degree in Computer Science from Rutgers University. Prior to joining Stevens, she was with Alcatel-Lucent at Murray Hill, New Jersy. She is the recipient of the NSF CAREER Award and Google Faculty Research Award. She also received NJ Inventors Hall of Fame Innovator Award. She is the recipient of the Best Paper Awards from ACM AsiaCCCS 2016, IEEE CNS 2014 and ACM MobiCom 2011. She also received the IEEE Outstanding Contribution Award from IEEE New Jersey Coast Section each year 2005 - 2009. Her research has been reported in numerous media outlets including MIT Technology Review, Fox News Channel, Wall Street Journal, and National Public Radio. She serves on the editorial boards of IEEE Transactions on Mobile Computing (IEEE TMC), IEEE Transactions on Wireless Communications (IEEE TWireless), and IEEE Network Magazine.