How Wearing a Smartwatch Can Help Hackers Steal Your ATM PIN
If you happen to visit the bank while wearing a smartwatch or fitness tracker, take it off and don’t go near the ATM.
Researchers led by electrical and computer engineering professor Yingying Chen at the Stevens Institute of Technology have published a study about how wearable devices can be used by wily hackers to steal ATM PINs. And unfortunately, for those hackers who know what they’re doing, it’s surprisingly easy to steal access codes.
The researchers noted that wearables come with “embedded sensors” including gyroscopes and accelerometers that track their wearers’ movements. However, all of those sensors are also capturing hand movements on a keyboard, or, in this case, an ATM keypad.
For hackers to steal passcodes, they must download the sensor data from the devices. To do that, hackers can simply use a wireless “sniffer” that can capture and interpret packets of data sent between the wearable device and the smartphone it wirelessly connects to via Bluetooth. In addition, hackers could opt to install malware on the wearable or smartphone, and have it simply send the sensor data back to them half a world away, one of the researchers told IEEE, which earlier reported on the possible hack.
Armed with the information, the hackers simply analyze how people using the wearables moved their hands on the keypad and at what speed. They can then recreate those movements, pressing numbers as they go, to deduce PIN numbers.
While that might sound difficult, it’s actually easy. In fact, the researchers found that they were able to correctly guess a person’s PIN 80% of the time on their first attempt. The success rate jumped to 90% after three attempts. What’s worse, the tactic works on just about every wearable and smartwatch available.
The researchers collected more than 5,000 key-entry traces from 20 adults.
So, what can you do to keep your PIN safe from hackers? Unfortunately, what makes wearables appealing to so many is that they have built-in movement trackers that provide valuable health and fitness insight. And without those sensors, wearables would have little use.
The only possible way to prevent a hack, therefore, may be to take off your smartwatch before entering your ATM PIN.
Correction: July 12, 2016 (2 pm): This article incorrectly identified the researchers who reported that hackers could steal bank PIN numbers by tapping into data from wearable devices. The research was not conducted at Binghamton University, where one of the team’s researchers works. It was actually done at the Stevens Institute of Technology, and led by electrical and computer engineering professor Yingying Chen.