- Just as cross-platform interoperability promises heightened competition and possible broader reach in the smart watch sector, research shows new cause for concern in wearable mobile device integration.
Using a homegrown app on a Samsung Gear Live smart watch, researchers at the University of Illinois at Urbana-Champaign were able to guess what a user was typing on a computer keyboard through data “leaks” produced by the watch’s built-in motion sensors. The project has privacy implications, according to the research team, because an app camouflaged as a pedometer, for example, could gather data from emails, search queries and confidential documents.
"Sensor data from wearable devices will clearly be a double-edged sword," said Romit Roy Choudhury, associate professor of electrical and computer engineering at Illinois. "While the device's contact to the human body will offer invaluable insights into human health and context, it will also make way for deeper violation into human privacy. The core challenge is in characterizing what can or cannot be inferred from sensor data."
The app uses an accelerometer and gyroscope to track the “micro-motion” of keystrokes as a wearer types. The researchers collected sensor data and ran it through a keystroke-detection module, which analyzed the timing of each keystroke and the two-dimensional displacement of the watch (e.g., the left wrist moves farther to type a “T” than an “F”).
The project shows the possibility of hackers building similar apps and deploying them to popular app libraries such as iTunes.
A potential solution to the motion leaks would be to lower the sample rate of the sensors in the watch, said He Wang, a PhD student in electrical and computer engineering at Illinois. The normal sample rate is around 200 Hertz, meaning the system logs 200 accelerometer and gyroscope readings per second. Lowering that number below 15 would make users’ wrist movements extremely difficult to track.
However, there are limitations on the current data-collection process. For example, the team’s system can’t detect special characters such as numbers, punctuation and symbols that might appear in passwords. Likewise, the space bar poses an obstacle. In addition, the researchers noted that they can only collect data from the hand wearing the watch and from people who use standard typing patterns.
Nonetheless, project team members believe that any wearable device that uses motion sensors — from the Apple Watch to Fitbit’s line of activity trackers — could be vulnerable to data collection through leaks.
“We would advise people who use the watch to enjoy it, but know that there’s a threat,” said Ted Tsung-Te Lai, a post-doctorate researcher working on the project.
Recent developments in the smart watch market indicate increased interoperability across previously separate platforms, which could open up the market to new devices. On Aug. 31, Google introduced Android Wear for iOS, which enables iPhones running iOS version 8.2 or higher (models 5 and up) to pair with an Android Wear watch. This partnership removes the restriction for iPhone users to connect their smartphone strictly with the Apple Watch, which was released earlier this year.
Photo credit: University of Illinois