Man man in a suit wears a smartwatch on his wrist.

The Privacy Risk on Your Wrist

WPI research reveals how electromagnetic signals from smartwatches may expose users to cyber surveillance
February 12, 2026

Sometimes, cybersecurity isn’t about passwords or computer chips or networks. Instead, it may be about what’s on your wrist.

New research led by WPI faculty members and students shows that electromagnetic signals from smartwatches that connect to cellular networks can be collected and used to make inferences about a wearer’s behavior, activities, and even health. 

The research is in its early stages, and the team noted that a system they developed to collect signals worked accurately only when smartwatches were within about 5 inches of collection devices. Yet the demonstration revealed a potential security vulnerability that has received little attention, says Xiaoyan (Sherry) Sun, associate professor in the Department of Computer Science and an author of the research.

“People use smartwatches to monitor their heart rates, send text messages and emails, stream music, and so much more,” Sun says. “It is possible to track that activity to build a profile of a wearer, perhaps for targeted advertising or even criminal activities.”

The researchers reported that they developed a system, called MagWatch, to probe smartwatches for “side-channel” weaknesses. Side-channel analysis involves collecting information, such as power use, that is inadvertently leaked by a computer system to gain access to secrets.

MagWatch includes a small sensor device to capture and process electromagnetic signals from smartwatch hardware, an algorithm to enhance the signals, and artificial intelligence tools to analyze the data. The research did not include Bluetooth-only smartwatches, which emit less electromagnetic information than smartwatches that are continuously connected to cellular networks.

Beginning Quote Icon of beginning quote
A side-channel attack on a smartwatch could enable a bad actor to collect a lot of behavioral information that could be used to profile and target that person. Beginning Quote Icon of beginning quote
  • Jun Dai
  • Associate Professor
Preview

Haowen Xu

Haowen Xu

Preview

Jun Dai

Jun Dai

Preview

Xiaoyan Sun

Xiaoyan Sun

The team experimented by placing a collection device under a desk and capturing signals from nearby Android and Apple smartwatches. Tests showed that the system could match signals emitted by smartwatches to apps for music, video, social media, navigation, health, and banking services. 

In addition, the signals could be matched to activities taking place within apps, such as recording a voice message or texting, says Jun Dai, associate professor in the Department of Computer Science. 

“In cybersecurity, we talk about social engineering, which involves learning about a person and gaining their trust so they give up sensitive information,” says Dai. “A side-channel attack on a smartwatch could enable a bad actor to collect a lot of behavioral information that could be used to profile and target that person.”

In addition to Sun and Dai, the research team consisted of Haowen Xu, a PhD student in Sun’s lab, and PhD student Tianya Zhao and Assistant Professor Xuyu Wang, both of Florida International University.

Sun and Dai are cybersecurity researchers whose work has been supported by the National Science Foundation. At WPI, they lead theDRiving Automotive Industry WorkForce Transformation (DRIFT) program, a $2.5 million five-institution initiative funded by the National Centers of Academic Excellence in Cybersecurity, led jointly with Oakland University, and focused on developing workforce training to strengthen cybersecurity in the auto industry.

Sun says the next step in smartwatch research may involve examining how a wearer’s movement or environmental electromagnetic signals impact the effectiveness of side-channel attacks. Protective measures might include new regulations on data collection, adding shielding to smartwatches, or deploying technologies that jam signal collectors.

“As researchers, we know that cyber threats exist, and that convenient technologies can also be vulnerable to hackers,” Sun says. “We want to raise awareness about how much information is available on people’s everyday devices and that there are ways that cyberattacks can gather information about us. That’s why we study this field and focus our research on cybersecurity.”

Keep Up With WPI Research News

Want to learn more about Research at WPI? Subscribe to the monthly newsletter.


SUBSCRIBE

Related Stories

Topics

Offices and Departments

Profiles