Wang, ChenLiu, JianGuo, XiaonanWang, YanChen, Yingying2019-08-152019-08-152018-10Wang, C., Liu, J., Guo, X., Wang, Y., & Chen, Y. (2018). Inferring Mobile Payment Passcodes Leveraging Wearable Devices. Proceedings of the 24th Annual International Conference on Mobile Computing and Networking, 789–791. https://doi.org/10.1145/3241539.3267742https://hdl.handle.net/1805/20376Mobile payment has drawn considerable attention due to its convenience of paying via personal mobile devices at anytime and anywhere, and passcodes (i.e., PINs) are the first choice of most consumers to authorize the payment. This work demonstrates a serious security breach and aims to raise the awareness of the public that the passcodes for authorizing transactions in mobile payments can be leaked by exploiting the embedded sensors in wearable devices (e.g., smartwatches). We present a passcode inference system, which examines to what extent the user's PIN during mobile payment could be revealed from a single wrist-worn wearable device under different input scenarios involving either two hands or a single hand. Extensive experiments with 15 volunteers demonstrate that an adversary is able to recover a user's PIN with high success rate within 5 tries under various input scenarios.enPublisher Policymobile paymentpasscodeswearable devicesConference proceedings