French college student Tony Beltramelli has e-published his scientific research on the use of so-called “smart watches” and special algorithms to track the users of these watches.
The topic of the paper (and this fundamentally new approach to hacking attacks) involves the interception and deep analysis of data from the accelerometer of a worn device. In this case the device in question is a smart watch (the Samsung Gear Live, for example) or fitness bracelet. These devices are worn on the wrist, which makes it possible to intercept what the user types with that hand on any physical or touch keyboard.
This specific study is dedicated to a method for intercepting keypresses on a standard 12-key numerical keypad such as those used at ATMs or for entering PIN codes in mobile applications.
The data from the accelerometer is collected by the worn device, then transmitted via Bluetooth to a nearby smartphone, and then from the phone to a server via GPRS/LTE. On the server the data is processed using a special algorithm in Java, Python, and Lua that imitates a neural network.
The algorithm cancels out noise, looks for signs of a PIN code being entered, and decodes it with a reliability of 59-73%. After processing by a neural net the reliability of the decoding process is significantly increased (up to 92%).
The developer has posted the source code for this process on GitHub and video demonstrations of the process on YouTube.
The only thing that remains unclear is why anyone would enter a PIN code with the same hand they wear their watch on. Watches are usually worn on the left hand, but most right-handed people enter their codes with their right hand.