Inferring Mobile Payment Passcodes Leveraging Wearable Devices

Mobile payment has drawn considerable attention due to its convenience of paying via personal mobile devices at anytime and anywhere, and passcodes (i.e., PINs) are the first choice of most consumers to authorize the payment. This work demonstrates a serious security breach and aims to raise the awareness of the public that the passcodes for authorizing transactions in mobile payments can be leaked by exploiting the embedded sensors in wearable devices (e.g., smartwatches). We present a passcode inference system, which examines to what extent the user's PIN during mobile payment could be revealed from a single wrist-worn wearable device under different input scenarios involving either two hands or a single hand. Extensive experiments with 15 volunteers demonstrate that an adversary is able to recover a user's PIN with high success rate within 5 tries under various input scenarios.

Keywords

mobile payment, passcodes, wearable devices

Cite As

Wang, C., Liu, J., Guo, X., Wang, Y., & Chen, Y. (2018). Inferring Mobile Payment Passcodes Leveraging Wearable Devices. Proceedings of the 24th Annual International Conference on Mobile Computing and Networking, 789–791. https://doi.org/10.1145/3241539.3267742

Journal

Proceedings of the 24th Annual International Conference on Mobile Computing and Networking

Rights

Publisher Policy

Source

Author

Type

Conference proceedings

Permanent Link

https://hdl.handle.net/1805/20376

DOI

https://doi.org/10.1145/3241539.3267742

Version

Author's manuscript

Collections

Open Access Policy Articles
Computer Information and Graphics Technology Works
Department of Computer and Information Science Works

Full item page