Inferring Mobile Payment Passcodes Leveraging Wearable Devices

Mobile payment has drawn considerable attention due to its convenience of paying via personal mobile devices at anytime and anywhere, and passcodes (i.e., PINs) are the first choice of most consumers to authorize the payment. This work demonstrates a serious security breach and aims to raise the awareness of the public that the passcodes for authorizing transactions in mobile payments can be leaked by exploiting the embedded sensors in wearable devices (e.g., smartwatches). We present a passcode inference system, which examines to what extent the user's PIN during mobile payment could be revealed from a single wrist-worn wearable device under different input scenarios involving either two hands or a single hand. Extensive experiments with 15 volunteers demonstrate that an adversary is able to recover a user's PIN with high success rate within 5 tries under various input scenarios

MobiSys 2016

The 14th ACM International Conference on Mobile Systems, Applications, and Services (MobiSys 2016) spanned a range of themes and domains, from smart environments to security and privacy. The highlights presented here cover the keynotes, paper sessions, and first Asian Students Symposium on Emerging Technologies