UI researchers discover smartwatches easily hacked

It+shows+tracking+smartwatch+location.+The+dots+are+the+moments+when+the+user+pressed+a+key.%0D%0DHe+Wang%2C+a+Ph.D.+candidate+in+Department+of+Electrical+and+Computer+Engineering+at+University+of+Illinois+at+Urbana-Champaign.
Back to Article
Back to Article

UI researchers discover smartwatches easily hacked

It shows tracking smartwatch location. The dots are the moments when the user pressed a key.

He Wang, a Ph.D. candidate in Department of Electrical and Computer Engineering at University of Illinois at Urbana-Champaign.

It shows tracking smartwatch location. The dots are the moments when the user pressed a key. He Wang, a Ph.D. candidate in Department of Electrical and Computer Engineering at University of Illinois at Urbana-Champaign.

candidate in Department of Elec

It shows tracking smartwatch location. The dots are the moments when the user pressed a key. He Wang, a Ph.D. candidate in Department of Electrical and Computer Engineering at University of Illinois at Urbana-Champaign.

candidate in Department of Elec

candidate in Department of Elec

It shows tracking smartwatch location. The dots are the moments when the user pressed a key. He Wang, a Ph.D. candidate in Department of Electrical and Computer Engineering at University of Illinois at Urbana-Champaign.

By Imogen Lindsley

As smartwatches begin to make their presence on the global market, Illinois Electrical and Computer Engineering researchers discovered the devices’ Achilles’ heel: the accumulation of sensor data poses a security threat to users. 

Upon tracing the consumer trend of increased purchasing of smartwatches, He Wang, a Ph.D. candidate in engineering, began to wonder, “If there are a lot of good things smartwatches can bring to our lives, what are the bad parts they could bring?”

Wang, along with Romit Roy Choudhury, an associate professor in electrical and computer engineering, and Ted Tsung-Te Lai, Choudhury’s postdoctoral researcher, have concluded from their research that the smartwatch, which currently records 200 sensor samples per second, poses a security threat to wearers.

“(Gathering sensor data) is quite easy because a lot of apps on the App Store say an app is for counting the calories burned. Download the app and the app uses sensors to count your steps. On the back of this, hackers can gather sensors and infer what the user is typing,” Wang said.

To test their theory, the researchers invented an app called MoLe. As a wearer typed in MoLe, the team collected sensor data on the micro-motion of keystrokes and proceeded to link the timing of each keystroke with the net 2-D displacement of the watch. Next, using an English dictionary, the team was able to identify the words the user was typing.

“When the user is typing, the smartwatch should automatically down sample the data to prevent other third party apps from stealing the user’s information,” Wang said of his solution.

Chirayu Patel, a junior  in Engineering, said he felt that smartwatches are already too expensive, even if they don’t also present privacy risks.

Yet, the smartwatch introduces an arena of possibilities. Strategy Analytics present that the global smartwatch market grew by 457.3% in the year following the second quarter of 2014.

Consumers have applauded apps such as Google Now for reminding them to leave for an event, whilst factoring in traffic, weather and location. Tools such as the pulse-meter and sensors can determine calories burned or steps walked, monitoring health without stalling the flow of everyday life. 

To account for consumer demand, companies such as Apple, Android, Samsung and Motorola have all produced their own versions of the device. 

Pedro Cases, a foreign exchange student and masters candidate in Aerospace Engineering, said he uses his watch to send “direct voice messages to his sister in a funny way.”

Ultimately for Cases, who uses his watch to keep in touch with his family back in Spain, his smartwatch is “not a phone, it’s not a watch, it’s something personal, in between.”

[email protected]