Visible to the public Biblio

Filters: Keyword is wearables security  [Clear All Filters]
2021-05-20
Almogbil, Atheer, Alghofaili, Abdullah, Deane, Chelsea, Leschke, Timothy, Almogbil, Atheer, Alghofaili, Abdullah.  2020.  The Accuracy of GPS-Enabled Fitbit Activities as Evidence: A Digital Forensics Study. 2020 7th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2020 6th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :186—189.

Technology is advancing rapidly and with this advancement, it has become apparent that it is nearly impossible to not leave a digital trace when committing a crime. As evidenced by multiple cases handled by law enforcement, Fitbit data has proved to be useful when determining the validity of alibis and in piecing together the timeline of a crime scene. In our paper, experiments testing the accuracy and reliability of GPS-tracked activities logged by the Fitbit Alta tracker and Ionic smartwatch are conducted. Potential indicators of manipulated or altered GPS-tracked activities are identified to help guide digital forensic investigators when handling such Fitbit data as evidence.

Kumar, Devendra, Mathur, Dhirendra.  2020.  Proximity Coupled Wideband Wearable Antenna for Body Area Networks. 2020 5th International Conference on Computing, Communication and Security (ICCCS). :1—5.

This paper presents a proximity coupled wideband wearable antenna operating between 4.71 GHz and 5.81 GHz with 5.2 GHz as centre frequency for biomedical telemetry applications in ISM band (IEEE 802.11 Standard). Two layers of different flexible substrate materials, ethylene-vinyl acetate and felt make the design mechanically stable. Bandwidth improvement is achieved by introducing two slots on elliptical ground plane. Highest gain of 3.72 dB and front to back ratio (FBR) of 6.55 is obtained in the given frequency band. The dimensions of antenna have been optimized to have desired bandwidth of 1100 MHz (\$\textbackslashtextbackslashsimeq\$21%). The specific absorption rate (SAR) value is 1.12 \$W/Kg\$ for 1 g of human body tissue. Both simulated and measured results are presented for the structure.

Heydari, Vahid.  2020.  A New Security Framework for Remote Patient Monitoring Devices. 2020 International Symposium on Networks, Computers and Communications (ISNCC). :1—4.

Digital connectivity is fundamental to the health care system to deliver safe and effective care. However, insecure connectivity could be a major threat to patient safety and privacy (e.g., in August 2017, FDA recalled 465,000 pacemakers because of discovering security flaws). Although connecting a patient's pacemaker to the Internet has many advantages for monitoring the patient, this connectivity opens a new door for cyber-attackers to steal the patient data or even control the pacemaker or damage it. Therefore, patients are forced to choose between connectivity and security. This paper presents a framework for secure and private communications between wearable medical devices and patient monitoring systems. The primary objective of this research is twofold, first to identify and analyze the communication vulnerabilities, second, to develop a framework for combating unauthorized access to data through the compromising of computer security. Specifically, hiding targets from cyber-attackers could prevent our system from future cyber-attacks. This is the most effective way to stop cyber-attacks in their first step.

Mehndiratta, Nishtha.  2020.  A Yoking-Proof and PUF-based Mutual Authentication Scheme for Cloud-aided Wearable Devices. 2020 IEEE International Conference for Innovation in Technology (INOCON). :1—4.

In today's world privacy is paramount in everyone's life. Alongside the growth of IoT (Internet of things), wearable devices are becoming widely popular for real-time user monitoring and wise service support. However, in contrast with the traditional short-range communications, these resource-scanty devices face various vulnerabilities and security threats during the course of interactions. Hence, designing a security solution for these devices while dealing with the limited communication and computation capabilities is a challenging task. In this work, PUF (Physical Unclonable Function) and lightweight cryptographic parameters are used together for performing two-way authentication between wearable devices and smartphone, while the simultaneous verification is performed by providing yoking-proofs to the Cloud Server. At the end, it is shown that the proposed scheme satisfies many security aspects and is flexible as well as lightweight.

Narwal, Bhawna, Ojha, Arushi, Goel, Nimisha, Dhawan, Sudipti.  2020.  A Yoking-Proof Based Remote Authentication Scheme for Cloud-Aided Wearable Devices (YPACW). 2020 IEEE International Conference for Innovation in Technology (INOCON). :1—5.

The developments made in IoT applications have made wearable devices a popular choice for collecting user data to monitor this information and provide intelligent service support. Since wearable devices are continuously collecting and transporting a user's sensitive data over the network, there exist increased security challenges. Moreover, wearable devices lack the computation capabilities in comparison to traditional short-range communication devices. In this paper, authors propounded a Yoking Proof based remote Authentication scheme for Cloud-aided Wearable devices (YPACW) which takes PUF and cryptographic functions and joins them to achieve mutual authentication between the wearable devices and smartphone via a cloud server, by performing the simultaneous verification of these devices, using the established yoking-proofs. Relative to Liu et al.'s scheme, YPACW provides better results with the reduction of communication and processing cost significantly.

Mheisn, Alaa, Shurman, Mohammad, Al-Ma’aytah, Abdallah.  2020.  WSNB: Wearable Sensors with Neural Networks Located in a Base Station for IoT Environment. 2020 7th International Conference on Internet of Things: Systems, Management and Security (IOTSMS). :1—4.
The Internet of Things (IoT) is a system paradigm that recently introduced, which includes different smart devices and applications, especially, in smart cities, e.g.; manufacturing, homes, and offices. To improve their awareness capabilities, it is attractive to add more sensors to their framework. In this paper, we propose adding a new sensor as a wearable sensor connected wirelessly with a neural network located on the base station (WSNB). WSNB enables the added sensor to refine their labels through active learning. The new sensors achieve an average accuracy of 93.81%, which is 4.5% higher than the existing method, removing human support and increasing the life cycle for the sensors by using neural network approach in the base station.
Almogbil, Atheer, Alghofaili, Abdullah, Deane, Chelsea, Leschke, Timothy, Almogbil, Atheer, Alghofaili, Abdullah.  2020.  Digital Forensic Analysis of Fitbit Wearable Technology: An Investigator’s Guide. 2020 7th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2020 6th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :44—49.
Wearable technology, such as Fitbit devices, log a user's daily activities, heart rate, calories burned, step count, and sleep activity. This information is valuable to digital forensic investigators as it may serve as evidence to a crime, to either support a suspect's innocence or guilt. It is important for an investigator to find and analyze every piece of data for accuracy and integrity; however, there is no standard for conducting a forensic investigation for wearable technology. In this paper, we conduct a forensic analysis of two different Fitbit devices using open-source tools. It is the responsibility of the investigator to show how the data was obtained and to ensure that the data was not modified during the analysis. This paper will guide investigators in understanding what data is collected by a Fitbit device (specifically the Ionic smartwatch and Alta tracker), how to handle Fitbit devices, and how to extract and forensically analyze said devices using open-source tools, Autopsy Sleuth Kit and Bulk Extractor Viewer.
Sunehra, Dhiraj, Sreshta, V. Sai, Shashank, V., Kumar Goud, B. Uday.  2020.  Raspberry Pi Based Smart Wearable Device for Women Safety using GPS and GSM Technology. 2020 IEEE International Conference for Innovation in Technology (INOCON). :1—5.
Security has become a major concern for women, children and even elders in every walk of their life. Women are getting assaulted and molested, children are getting kidnapped, elder citizens are also facing many problems like robbery, etc. In this paper, a smart security solution called smart wearable device system is implemented using the Raspberry Pi3 for enhancing the safety and security of women/children. It works as an alert as well as a security system. It provides a buzzer alert alert to the people who are nearby to the user (wearing the smart device). The system uses Global Positioning System (GPS) to locate the user, sends the location of the user through SMS to the emergency contact and police using the Global System for Mobile Communications (GSM) / General Radio Packet Service (GPRS) technology. The device also captures the image of the assault and surroundings of the user or victim using USB Web Camera interfaced to the device and sends it as an E-mail alert to the emergency contact soon after the user presses the panic button present on Smart wearable device system.
Kamalraj, R., Madhan, E.S., Ghamya, K., Bhargavi, V..  2020.  Enhance Safety and Security System for Children in School Campus by using Wearable Sensors. 2020 Fourth International Conference on Computing Methodologies and Communication (ICCMC). :986—990.
Child security in the school campus is most important in building a good society. In and around the world the children are abused and killed also in sometimes by the people those who are not in good attitude in the school campus. To track and resolve such issues an enhanced security feature system is required. Hence in this paper an enhanced version of security system for children is proposed by using `Wearable Sensors'. In this proposed method two wearable sensors nodes such as `Staff Node' and `Student Node' are paired by using `Bluetooth' communication technology and Smart Watch technology is also used to communicate the Security Center or Processing Node for tracking them about their location and whether the two nodes are moved away from the classroom. If the child node is not moving for a long period then it may be notified by the center and they will inform the security officers near to the place. This proposed method may satisfy the need of school management about the staff movements with students and the behavior of students to avoid unexpected issues.
2020-12-28
Zhang, C., Shahriar, H., Riad, A. B. M. K..  2020.  Security and Privacy Analysis of Wearable Health Device. 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC). :1767—1772.

Mobile wearable health devices have expanded prevalent usage and become very popular because of the valuable health monitor system. These devices provide general health tips and monitoring human health parameters as well as generally assisting the user to take better health of themselves. However, these devices are associated with security and privacy risk among the consumers because these devices deal with sensitive data information such as users sleeping arrangements, dieting formula such as eating constraint, pulse rate and so on. In this paper, we analyze the significant security and privacy features of three very popular health tracker devices: Fitbit, Jawbone and Google Glass. We very carefully analyze the devices' strength and how the devices communicate and its Bluetooth pairing process with mobile devices. We explore the possible malicious attack through Bluetooth networking by hacker. The outcomes of this analysis show how these devices allow third parties to gain sensitive information from the device exact location that causes the potential privacy breach for users. We analyze the reasons of user data security and privacy are gained by unauthorized people on wearable devices and the possible challenge to secure user data as well as the comparison of three wearable devices (Fitbit, Jawbone and Google Glass) security vulnerability and attack type.

2020-02-17
Shang, Jiacheng, Wu, Jie.  2019.  A Usable Authentication System Using Wrist-Worn Photoplethysmography Sensors on Smartwatches. 2019 IEEE Conference on Communications and Network Security (CNS). :1–9.
Smartwatches are expected to become the world's best-selling electronic product after smartphones. Various smart-watches have been released to the private consumer market, but the data on smartwatches is not well protected. In this paper, we show for the first time that photoplethysmography (PPG)signals influenced by hand gestures can be used to authenticate users on smartwatches. The insight is that muscle and tendon movements caused by hand gestures compress the arterial geometry with different degrees, which has a significant impact on the blood flow. Based on this insight, novel approaches are proposed to detect the starting point and ending point of the hand gesture from raw PPG signals and determine if these PPG signals are from a normal user or an attacker. Different from existing solutions, our approach leverages the PPG sensors that are available on most smartwatches and does not need to collect training data from attackers. Also, our system can be used in more general scenarios wherever users can perform hand gestures and is robust against shoulder surfing attacks. We conduct various experiments to evaluate the performance of our system and show that our system achieves an average authentication accuracy of 96.31 % and an average true rejection rate of at least 91.64% against two types of attacks.
Hylamia, Sam, Yan, Wenqing, Rohner, Christian, Voigt, Thiemo.  2019.  Tiek: Two-tier Authentication and Key Distribution for Wearable Devices. 2019 International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob). :1–6.
Wearable devices, such as implantable medical devices and smart wearables, are becoming increasingly popular with applications that vary from casual activity monitoring to critical medical uses. Unsurprisingly, numerous security vulnerabilities have been found in this class of devices. Yet, research on physical measurement-based authentication and key distribution assumes that body-worn devices are benign and uncompromised. Tiek is a novel authentication and key distribution protocol which addresses this issue. We utilize two sources of randomness to perform device authentication and key distribution simultaneously but through separate means. This creates a two-tier authorization scheme that enables devices to join the network while protecting them from each other. We describe Tiek and analyze its security.
Chowdhury, Mohammad Jabed Morshed, Colman, Alan, Kabir, Muhammad Ashad, Han, Jun, Sarda, Paul.  2019.  Continuous Authorization in Subject-Driven Data Sharing Using Wearable Devices. 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :327–333.
Sharing personal data with other people or organizations over the web has become a common phenomena of our modern life. This type of sharing is usually managed by access control mechanisms that include access control model and policies. However, these models are designed from the organizational perspective and do not provide sufficient flexibility and control to the individuals. Therefore, individuals often cannot control sharing of their personal data based on their personal context. In addition, the existing context-aware access control models usually check contextual condition once at the beginning of the access and do not evaluate the context during an on-going access. Moreover, individuals do not have control to define how often they want to evaluate the context condition for an ongoing access. Wearable devices such as Fitbit and Apple Smart Watch have recently become increasingly popular. This has made it possible to gather an individual's real-time contextual information (e.g., location, blood-pressure etc.) which can be used to enforce continuous authorization to the individual's data resources. In this paper, we introduce a novel data sharing policy model for continuous authorization in subject-driven data sharing. A software prototype has been implemented employing a wearable device to demonstrate continuous authorization. Our continuous authorization framework provides more control to the individuals by enabling revocation of on-going access to shared data if the specified context condition becomes invalid.
Wang, Chen, Liu, Jian, Guo, Xiaonan, Wang, Yan, Chen, Yingying.  2019.  WristSpy: Snooping Passcodes in Mobile Payment Using Wrist-worn Wearables. IEEE INFOCOM 2019 - IEEE Conference on Computer Communications. :2071–2079.
Mobile payment has drawn considerable attention due to its convenience of paying via personal mobile devices at anytime and anywhere, and passcodes (i.e., PINs or patterns) are the first choice of most consumers to authorize the payment. This paper demonstrates a serious security breach and aims to raise the awareness of the public that the passcodes for authorizing transactions in mobile payments can be leaked by exploiting the embedded sensors in wearable devices (e.g., smartwatches). We present a passcode inference system, WristSpy, which examines to what extent the user's PIN/pattern during the mobile payment could be revealed from a single wrist-worn wearable device under different passcode input scenarios involving either two hands or a single hand. In particular, WristSpy has the capability to accurately reconstruct fine-grained hand movement trajectories and infer PINs/patterns when mobile and wearable devices are on two hands through building a Euclidean distance-based model and developing a training-free parallel PIN/pattern inference algorithm. When both devices are on the same single hand, a highly challenging case, WristSpy extracts multi-dimensional features by capturing the dynamics of minute hand vibrations and performs machine-learning based classification to identify PIN entries. Extensive experiments with 15 volunteers and 1600 passcode inputs demonstrate that an adversary is able to recover a user's PIN/pattern with up to 92% success rate within 5 tries under various input scenarios.
MacDermott, Áine, Lea, Stephen, Iqbal, Farkhund, Idowu, Ibrahim, Shah, Babar.  2019.  Forensic Analysis of Wearable Devices: Fitbit, Garmin and HETP Watches. 2019 10th IFIP International Conference on New Technologies, Mobility and Security (NTMS). :1–6.
Wearable technology has been on an exponential rise and shows no signs of slowing down. One category of wearable technology is Fitness bands, which have the potential to show a user's activity levels and location data. Such information stored in fitness bands is just the beginning of a long trail of evidence fitness bands can store, which represents a huge opportunity to digital forensic practitioners. On the surface of recent work and research in this area, there does not appear to be any similar work that has already taken place on fitness bands and particularly, the devices in this study, a Garmin Forerunner 110, a Fitbit Charge HR and a Generic low-cost HETP fitness tracker. In this paper, we present our analysis of these devices for any possible digital evidence in a forensically sound manner, identifying files of interest and location data on the device. Data accuracy and validity of the evidence is shown, as a test run scenario wearing all of the devices allowed for data comparison analysis.
Pandelea, Alexandru-Ionut, Chiroiu, Mihai-Daniel.  2019.  Password Guessing Using Machine Learning on Wearables. 2019 22nd International Conference on Control Systems and Computer Science (CSCS). :304–311.
Wearables are now ubiquitous items equipped with a multitude of sensors such as GPS, accelerometer, or Bluetooth. The raw data from this sensors are typically used in a health context. However, we can also use it for security purposes. In this paper, we present a solution that aims at using data from the sensors of a wearable device to identify the password a user is typing on a keyboard by using machine learning algorithms. Hence, the purpose is to determine whether a malicious third party application could extract sensitive data through the raw data that it has access to.
Zhang, Lili, Han, Dianqi, Li, Ang, Li, Tao, Zhang, Yan, Zhang, Yanchao.  2019.  WristUnlock: Secure and Usable Smartphone Unlocking with Wrist Wearables. 2019 IEEE Conference on Communications and Network Security (CNS). :28–36.
We propose WristUnlock, a novel technique that uses a wrist wearable to unlock a smartphone in a secure and usable fashion. WristUnlock explores both the physical proximity and secure Bluetooth connection between the smartphone and wrist wearable. There are two modes in WristUnlock with different security and usability features. In the WristRaise mode, the user raises his smartphone in his natural way with the same arm carrying the wrist wearable; the smartphone gets unlocked if the acceleration data on the smartphone and wrist wearable satisfy an anticipated relationship specific to the user himself. In the WristTouch mode, the wrist wearable sends a random number to the smartphone through both the Bluetooth channel and a touch-based physical channel; the smartphone gets unlocked if the numbers received from both channels are equal. We thoroughly analyze the security of WristUnlock and confirm its high efficacy through detailed experiments.
Hassan, Mehmood, Mansoor, Khwaja, Tahir, Shahzaib, Iqbal, Waseem.  2019.  Enhanced Lightweight Cloud-assisted Mutual Authentication Scheme for Wearable Devices. 2019 International Conference on Applied and Engineering Mathematics (ICAEM). :62–67.
With the emergence of IoT, wearable devices are drawing attention and becoming part of our daily life. These wearable devices collect private information about their wearers. Mostly, a secure authentication process is used to verify a legitimate user that relies on the mobile terminal. Similarly, remote cloud services are used for verification and authentication of both wearable devices and wearers. Security is necessary to preserve the privacy of users. Some traditional authentication protocols are proposed which have vulnerabilities and are prone to different attacks like forgery, de-synchronization, and un-traceability issues. To address these vulnerabilities, recently, Wu et al. (2017) proposed a cloud-assisted authentication scheme which is costly in terms of computations required. Therefore this paper proposed an improved, lightweight and computationally efficient authentication scheme for wearable devices. The proposed scheme provides similar level of security as compared to Wu's (2017) scheme but requires 41.2% lesser computations.
Yang, Chen, Liu, Tingting, Zuo, Lulu, Hao, Zhiyong.  2019.  An Empirical Study on the Data Security and Privacy Awareness to Use Health Care Wearable Devices. 2019 16th International Conference on Service Systems and Service Management (ICSSSM). :1–6.
Recently, several health care wearable devices which can intervene in health and collect personal health data have emerged in the medical market. Although health care wearable devices promote the integration of multi-layer medical resources and bring new ways of health applications for users, it is inevitable that some problems will be brought. This is mainly manifested in the safety protection of medical and health data and the protection of user's privacy. From the users' point of view, the irrational use of medical and health data may bring psychological and physical negative effects to users. From the government's perspective, it may be sold by private businesses in the international arena and threaten national security. The most direct precaution against the problem is users' initiative. For better understanding, a research model is designed by the following five aspects: Security knowledge (SK), Security attitude (SAT), Security practice (SP), Security awareness (SAW) and Security conduct (SC). To verify the model, structural equation analysis which is an empirical approach was applied to examine the validity and all the results showed that SK, SAT, SP, SAW and SC are important factors affecting users' data security and privacy protection awareness.
Rizk, Dominick, Rizk, Rodrigue, Hsu, Sonya.  2019.  Applied Layered-Security Model to IoMT. 2019 IEEE International Conference on Intelligence and Security Informatics (ISI). :227–227.

Nowadays, IoT has crossed all borders and become ubiquitous in everyday life. This emerging technology has a huge success in closing the gap between the digital and the real world. However, security and privacy become huge concerns especially in the medical field which prevent the healthcare industry from adopting it despite its benefits and potentials. This paper focuses on identifying potential security threats to the IoMT and presents the security mechanisms to remove any possible impediment from immune information security of IoMT. A summarized framework of the layered-security model is proposed followed by a specific assessment review of each layer.

2019-01-16
Shrestha, P., Shrestha, B., Saxena, N..  2018.  Home Alone: The Insider Threat of Unattended Wearables and A Defense using Audio Proximity. 2018 IEEE Conference on Communications and Network Security (CNS). :1–9.

In this paper, we highlight and study the threat arising from the unattended wearable devices pre-paired with a smartphone over a wireless communication medium. Most users may not lock their wearables due to their small form factor, and may strip themselves off of these devices often, leaving or forgetting them unattended while away from homes (or shared office spaces). An “insider” attacker (potentially a disgruntled friend, roommate, colleague, or even a spouse) can therefore get hold of the wearable, take it near the user's phone (i.e., within radio communication range) at another location (e.g., user's office), and surreptitiously use it across physical barriers for various nefarious purposes, including pulling and learning sensitive information from the phone (such as messages, photos or emails), and pushing sensitive commands to the phone (such as making phone calls, sending text messages and taking pictures). The attacker can then safely restore the wearable, wait for it to be left unattended again and may repeat the process for maximum impact, while the victim remains completely oblivious to the ongoing attack activity. This malicious behavior is in sharp contrast to the threat of stolen wearables where the victim would unpair the wearable as soon as the theft is detected. Considering the severity of this threat, we also respond by building a defense based on audio proximity, which limits the wearable to interface with the phone only when it can pick up on an active audio challenge produced by the phone.

Hwang, D., Shin, J., Choi, Y..  2018.  Authentication Protocol for Wearable Devices Using Mobile Authentication Proxy. 2018 Tenth International Conference on Ubiquitous and Future Networks (ICUFN). :700–702.
The data transmitted from the wearable device commonly includes sensitive data. So, application service using the data collected from the unauthorized wearable devices can cause serious problems. Also, it is important to authenticate any wearable device and then, protect the transmitted data between the wearable devices and the application server. In this paper, we propose an authentication protocol, which is designed by using the Transport Layer Security (TLS) handshake protocol combined with a mobile authentication proxy. By using the proposed authentication protocol, we can authenticate the wearable device. And we can secure data transmission since session key is shared between the wearable device and the application server. In addition, the proposed authentication protocol is secure even when the mobile authentication proxy is unreliable.
Shrestha, Prakash, Saxena, Nitesh.  2018.  Listening Watch: Wearable Two-Factor Authentication Using Speech Signals Resilient to Near-Far Attacks. Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks. :99–110.
Reducing the level of user effort involved in traditional two-factor authentication (TFA) constitutes an important research topic. A recent effort in this direction leverages ambient sounds to detect the proximity between the second factor device (phone) and the login terminal (browser), and eliminates the need for the user to transfer PIN codes. This approach is highly usable, but is completely vulnerable against far-near attackers, i.e., ones who are remotely located and can guess the victim's audio environment or make the phone create predictable sounds (e.g., ringers), and those who are in physical proximity of the user. In this paper, we propose Listening-Watch, a new TFA mechanism based on a wearable device (watch/bracelet) and active browser-generated random speech sounds. As the user attempts to login, the browser populates a short random code encoded into speech, and the login succeeds if the watch's audio recording contains this code (decoded using speech recognition), and is similar enough to the browser's audio recording. The remote attacker, who has guessed the user's environment or created predictable phone/watch sounds, will be defeated since authentication success relies upon the presence of the random code in watch's recordings. The proximity attacker will also be defeated unless it is extremely close to the watch, since the wearable microphones are usually designed to be only capable of picking up nearby sounds (e.g., voice commands). Furthermore, due to the use of a wearable second factor device, Listening-Watch naturally enables two-factor security even when logging in from a mobile phone. Our contributions are three-fold. First, we introduce the idea of strong and low-effort TFA based on wearable devices, active speech sounds and speech recognition, giving rise to the Listening-Watch system that is secure against both remote and proximity attackers. Second, we design and implement Listening-Watch for an Android smartwatch (and companion smartphone) and the Chrome browser, without the need for any browser plugins. Third, we evaluate Listening-Watch for authentication errors in both benign and adversarial settings. Our results show that Listening-Watch can result in minimal errors in both settings based on appropriate thresholdization and speaker volume levels.
Maiti, Anindya, Heard, Ryan, Sabra, Mohd, Jadliwala, Murtuza.  2018.  Towards Inferring Mechanical Lock Combinations Using Wrist-Wearables As a Side-Channel. Proceedings of the 11th ACM Conference on Security & Privacy in Wireless and Mobile Networks. :111–122.
Wrist-wearables such as smartwatches and fitness bands are equipped with a variety of high-precision sensors that support novel contextual and activity-based applications. The presence of a diverse set of on-board sensors, however, also expose an additional attack surface which, if not adequately protected, could be potentially exploited to leak private user information. In this paper, we investigate the feasibility of a new attack that takes advantage of a wrist-wearable's motion sensors to infer input on mechanical devices typically used to secure physical access, for example, combination locks. We outline an inference framework that attempts to infer a lock's unlock combination from the wrist motion captured by a smartwatch's gyroscope sensor, and uses a probabilistic model to produce a ranked list of likely unlock combinations. We conduct a thorough empirical evaluation of the proposed framework by employing unlocking-related motion data collected from human subject participants in a variety of controlled and realistic settings. Evaluation results from these experiments demonstrate that motion data from wrist-wearables can be effectively employed as a side-channel to significantly reduce the unlock combination search-space of commonly found combination locks, thus compromising the physical security provided by these locks.
Wang, Chen, Liu, Jian, Guo, Xiaonan, Wang, Yan, Chen, Yingying.  2018.  Inferring Mobile Payment Passcodes Leveraging Wearable Devices. Proceedings of the 24th Annual International Conference on Mobile Computing and Networking. :789–791.
Mobile payment has drawn considerable attention due to its convenience of paying via personal mobile devices at anytime and anywhere, and passcodes (i.e., PINs) are the first choice of most consumers to authorize the payment. This work demonstrates a serious security breach and aims to raise the awareness of the public that the passcodes for authorizing transactions in mobile payments can be leaked by exploiting the embedded sensors in wearable devices (e.g., smartwatches). We present a passcode inference system, which examines to what extent the user's PIN during mobile payment could be revealed from a single wrist-worn wearable device under different input scenarios involving either two hands or a single hand. Extensive experiments with 15 volunteers demonstrate that an adversary is able to recover a user's PIN with high success rate within 5 tries under various input scenarios.