| Recurring |
multiple_organization |
(a) The software failure incident related to the vulnerability of smartwatches to motion sensor data interception and potential keylogging has been demonstrated by Associate professor Romit Roy Choudhury and his team at the University of Illinois. The attack system called Motion Leaks through Smartwatch Sensors (MoLe) was showcased using a Samsung Gear Live watch [51602].
(b) The researchers involved in the demonstration of the vulnerability of smartwatches to motion sensor data interception believe that any wearable device utilizing motion sensors, such as the Apple Watch or Fitbit, could also be susceptible to similar attacks. This indicates that the software failure incident could potentially affect multiple organizations producing wearable devices with motion sensors [51602]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be seen in the development of an app that sits on smartwatches and captures data from motion sensors as the wearer types on a keyboard. This app, known as MoLe (Motion Leaks through Smartwatch Sensors), was created by Associate professor Romit Roy Choudhury and his team at the University of Illinois [51602]. The design flaw in this software allowed a hacker to remotely monitor the wearer's movements and determine which keys are being pressed, potentially revealing sensitive information like banking passwords, login details, and private emails.
(b) The software failure incident related to the operation phase is evident in the misuse of the smartwatch sensors to capture keystrokes and movements of the wearer. The operation of the app involved tracking keystrokes by analyzing the timing of each keystroke and the displacement of the watch [51602]. This misuse of the system's operation allowed for the unauthorized collection of sensitive data through the exploitation of motion sensor technology in smartwatches. |
| Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident described in the article is within the system. The failure occurred due to the development of an app by computer scientists that sits on smartwatches and captures data from motion sensors as the wearer types on a keyboard. This app then sends the captured movements to a 'hacker' who determines which keys are being pressed, potentially revealing sensitive information like passwords and login details [51602]. The failure originated from the design and implementation of the app within the smartwatch system itself. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in the article is related to non-human actions. The failure occurred due to the app developed by computer scientists that sits on smartwatches and captures data from motion sensors as the wearer types on a keyboard. This captured data is then sent to a 'hacker' who determines which keys are being pressed, potentially revealing sensitive information like passwords and login details [51602].
(b) The software failure incident also involves human actions. The 'attack system' called Motion Leaks through Smartwatch Sensors (MoLe) was created by Associate professor Romit Roy Choudhury and his team at the University of Illinois. The researchers developed an app that captures data from motion sensors on smartwatches, demonstrating how keystrokes can be tracked and potentially leaked to hackers. The researchers themselves were involved in creating the system that led to the vulnerability [51602]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident in the articles is related to hardware as it involves exploiting the motion sensors in smartwatches to capture keystrokes and potentially reveal sensitive information like passwords and login details [51602].
(b) The software failure incident is also related to software as it involves the development of an app that sits on smartwatches to capture data from motion sensors and track keystrokes, which is then sent to a hacker for analysis [51602]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in the articles is malicious in nature. The incident involves the development of an app called MoLe (Motion Leaks through Smartwatch Sensors) by computer scientists at the University of Illinois, which captures data from motion sensors on smartwatches as the wearer types on a keyboard. This captured data is then sent to a 'hacker' who can determine which keys are being pressed, potentially revealing sensitive information like banking passwords, login details, and private emails [51602]. The researchers behind this project acknowledge the privacy implications of sensor data from wearable devices and highlight the potential for deeper violations into human privacy [51602].
(b) There is no indication in the articles of a non-malicious software failure incident. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
The intent of the software failure incident described in the articles is related to poor_decisions. The failure was due to contributing factors introduced by poor decisions made by computer scientists who developed an app that sits on smartwatches and captures data from motion sensors as the wearer types on a keyboard. This app allowed a hacker to remotely monitor the wearer's keystrokes, potentially revealing sensitive information like banking passwords, login details, and private emails [51602]. |
| Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident in the article can be attributed to development incompetence. The incident involved the creation of an app by computer scientists that captured data from motion sensors on smartwatches as the wearer typed on a keyboard. This data was then sent to a hacker who could determine the keys being pressed, potentially compromising sensitive information like banking passwords and login details. The researchers at the University of Illinois developed this 'attack system' named MoLe, demonstrating the vulnerability of smartwatches to such attacks [51602].
(b) The software failure incident can also be considered accidental as the vulnerability exploited by the researchers was not intentionally designed into the smartwatch sensors. The researchers identified a flaw in the design of smartwatches that allowed for the capture of sensitive information through motion sensor data. This accidental vulnerability could potentially lead to privacy violations and security breaches for users of smartwatches [51602]. |
| Duration |
temporary |
The software failure incident described in the articles can be categorized as a temporary failure. The incident involved a specific vulnerability in smartwatches where a software application captured data from motion sensors to determine keystrokes being typed on a keyboard, potentially compromising sensitive information like passwords and login details [51602]. The vulnerability was demonstrated using a Samsung Gear Live watch, and the researchers highlighted that any wearable device using motion sensors could be vulnerable as well, indicating a specific circumstance leading to the failure rather than a permanent, inherent flaw in all circumstances. |
| Behaviour |
other |
(a) crash: The software failure incident described in the article does not involve a crash where the system loses state and does not perform any of its intended functions. The incident is more focused on capturing and analyzing data from motion sensors on smartwatches to potentially reveal sensitive information like passwords and login details [51602].
(b) omission: The software failure incident does not involve the system omitting to perform its intended functions at an instance(s). Instead, the incident revolves around the intentional capturing of data from motion sensors on smartwatches to extract sensitive information like keystrokes [51602].
(c) timing: The software failure incident is not related to the system performing its intended functions correctly but too late or too early. The focus is on capturing and analyzing the timing of keystrokes based on motion sensor data from smartwatches [51602].
(d) value: The software failure incident does not involve the system performing its intended functions incorrectly. The incident is more about extracting valuable information like passwords and login details by analyzing motion sensor data from smartwatches [51602].
(e) byzantine: The software failure incident does not exhibit the characteristics of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. The incident is more about capturing and analyzing data from motion sensors on smartwatches to potentially reveal sensitive information like passwords and login details [51602].
(f) other: The behavior of the software failure incident can be categorized as a privacy breach or security vulnerability. The incident involves the intentional capturing of motion sensor data from smartwatches to extract sensitive information like passwords and login details, highlighting a significant privacy risk associated with wearable devices [51602]. |