Again I stress that with locations on and wrist movements they will know when you are at an ATM. See below

You might want to take it off now.

If you happen to visit the bank while wearing a smartwatch or fitness tracker, take it off and don’t go near the ATM.

Researchers led by electrical and computer engineering professor Yingying Chen at the Stevens Institute of Technology have published a study about how wearable devices can be used by wily hackers to steal ATM PINs. And unfortunately, for those hackers who know what they’re doing, it’s surprisingly easy to steal access codes.

The researchers noted that wearables come with “embedded sensors” including gyroscopes and accelerometers that track their wearers’ movements. However, all of those sensors are also capturing hand movements on a keyboard, or, in this case, an ATM keypad.

For hackers to steal passcodes, they must download the sensor data from the devices. To do that, hackers can simply use a wireless “sniffer” that’s can capture and interpret packets of data sent between the wearable device and the smartphone it wirelessly connects to via Bluetooth. In addition, hackers could opt to install malware on the wearable or smartphone, and have it simply send the sensor data back to them half a world away, one of the researchers told IEEE, which earlier reported about the possible hack.

Get Data Sheet, Fortune’s technology newsletter

Armed with the information, the hackers simply analyze how people using the wearables moved their hands on the keypad and at what speed. They can then recreate those movements, pressing numbers as they go, to deduce PIN numbers.

While that might sound difficult, it’s actually easy. In fact, the researchers found that they were able to correctly guess a person’s PIN 80% of the time in their first attempt. The success rate jumped to 90% after three attempts. What’s worse, the tactic works on just about every wearable and smartwatch available.

The researchers conducted more than 5,000 key entry traces from 20 adults.

For more about smartwatches, watch:

So, what can you do to keep your PIN safe from hackers? Unfortunately, what makes wearables appealing to so many is that they have built-in movement trackers that provide valuable health and fitness insight. And without those sensors, wearables would have little use.

The only possible way to prevent a hack, therefore, may be to take off your smartwatch before entering your ATM PIN.

Nope, @scl205, I still don't want to take it off. This study has nothing to do with the hacker using Location Services to follow you to an ATM. Since Bluetooth has a range of 20' or less, they have to be sitting there waiting for your arrival in order to have a sniffer to pick up the Bluetooth signal. And, you have to be wearing the tracker on the same wrist as the one entering the PIN on the keyboard. And, you have to be syncing your tracker to your phone at the time you are at the ATM in order to have the Bluetooth active and communicating data to the phone. But, assuming they do manage to capture your PIN as you type it in, what are they going to do with it? They don't have the account number, etc., from the card to use the PIN with.

As the good professor says, she isn't aware of any hackers actually doing this, but she did have some research money to spend and some grad students that needed the credits to graduate.

---

@scl205 wrote:

Again I stress that with locations on and wrist movements they will know when you are at an ATM. See below

 

You might want to take it off now.

If you happen to visit the bank while wearing a smartwatch or fitness tracker, take it off and don’t go near the ATM.

Researchers led by electrical and computer engineering professor Yingying Chen at the Stevens Institute of Technology have published a study about how wearable devices can be used by wily hackers to steal ATM PINs. And unfortunately, for those hackers who know what they’re doing, it’s surprisingly easy to steal access codes.

The researchers noted that wearables come with “embedded sensors” including gyroscopes and accelerometers that track their wearers’ movements. However, all of those sensors are also capturing hand movements on a keyboard, or, in this case, an ATM keypad.

For hackers to steal passcodes, they must download the sensor data from the devices. To do that, hackers can simply use a wireless “sniffer” that’s can capture and interpret packets of data sent between the wearable device and the smartphone it wirelessly connects to via Bluetooth. In addition, hackers could opt to install malware on the wearable or smartphone, and have it simply send the sensor data back to them half a world away, one of the researchers told IEEE, which earlier reported about the possible hack.

Get Data Sheet, Fortune’s technology newsletter

Armed with the information, the hackers simply analyze how people using the wearables moved their hands on the keypad and at what speed. They can then recreate those movements, pressing numbers as they go, to deduce PIN numbers.

While that might sound difficult, it’s actually easy. In fact, the researchers found that they were able to correctly guess a person’s PIN 80% of the time in their first attempt. The success rate jumped to 90% after three attempts. What’s worse, the tactic works on just about every wearable and smartwatch available.

The researchers conducted more than 5,000 key entry traces from 20 adults.

For more about smartwatches, watch:

So, what can you do to keep your PIN safe from hackers? Unfortunately, what makes wearables appealing to so many is that they have built-in movement trackers that provide valuable health and fitness insight. And without those sensors, wearables would have little use.

The only possible way to prevent a hack, therefore, may be to take off your smartwatch before entering your ATM PIN.

---

But, I wear the device on my non-dominate hand and enter pin codes and passwords with my dominate hand.  Can't track hand movements if my hand with the Fitbit doesn't move when I'm at an ATM.

Perhaps you should get an iPhone or Windows Phone, @SunsetRunner.

@SunsetRunner, Fitbit does not request or receive your location while syncing your tracker. 

Google changed their requirements for an app needing the Bluetooth MAC so that a security hole could be closed. Thus prohibiting some third party standing within 30 feet from invading and getting access to your phone without your knowledge. 

As for your location even without location on, both google and your phone company know where you are.

As for privacy, the only way to guarantee this is never to go on the internet, certainly do not use a Windows device. Microsoft has admitted that the security flaws are so deep that they can not be made secure.

---

@CromeX wrote:
Google forgets about the privacy act of Europe, mainly data collection in
the privacy act. if they were to be challenged on it they would loose.

---

That has all been aired and settled in the winds, @CromeX. Often times people's desire for technology overpowers their cries for privacy.

Europe Tried to Rein In Google. It Backfired

The only reason my wife and I are still wearing fitbits is because they have not broken...yet. They will, I am sure neither one of us have had one make it a full year. That fact coupled with the location services issue is sufficient cause to keep us away from any fitbit in the future.

It is true the cell providers can tell where you are at any given time. But why does that make it acceptable for fitbit to know?

We have many bluetooth devices and none require location services. Fitbit wants it on or they would find another way to resolve pairing. Sooner or later the data they collect will be compromised and then the people wearing rose colored sunglasses will know why they should have made a stand.

@scl205, Fitbit couldn't possibly care less where you are, and they don't bother asking for your location (you can verify that in your phone's settings if you care to).  It is Google that made the change that requires Location Services to be enabled in order to sync with devices that exchange data.  Most of the Bluetooth devices you refer to do not exchange data and could care less about Location Services, but the Fitbit does exchange data.  It may be my rose colored glasses, but having Location Services is not one of my major concerns.

---

@scl205 wrote:

The only reason my wife and I are still wearing fitbits is because they have not broken...yet. They will, I am sure neither one of us have had one make it a full year. That fact coupled with the location services issue is sufficient cause to keep us away from any fitbit in the future.

 

It is true the cell providers can tell where you are at any given time. But why does that make it acceptable for fitbit to know?

 

We have many bluetooth devices and none require location services. Fitbit wants it on or they would find another way to resolve pairing. Sooner or later the data they collect will be compromised and then the people wearing rose colored sunglasses will know why they should have made a stand.

 

 

---

@scl205

It is a Google requirement, and Fitbit has to comply if they want to provide synching via Bluetooth

Do and internet search for "android bluetooth location on" and you'll find many references to the requirement that location be turned on on Android versions starting with 6.0.

Most definitely  a privacy breach!

If you agree to something it's not a breach.

If you think it is then perhaps complain to Google.

Technically it's against the EU data protection act. 

Which states that a firm is not allowed to collect more information than is required.. this can certainly be challenged.. 

got noting to do with the user excepting the terms.  the terms are illegal. 

"the terms are illegal"

I'm outa here