Wearing a smartwatch could give hackers your PIN

28 December 2015

Research by a student at IT University of Copenhagen used movement data collected from a Sony SmartWatch 3 to reliably discern what was being typed on an external keypad.

Tony Beltramelli, the student behind the research, who describes the concept as an example of "deep-spying", showed a user entering a numerical code and then worked out what was typed using data from the watch's gyroscope and accelerometers.

Analysing the data using machine learning algorithms -- which have been posted to GitHub -- allowed patterns to be picked out from "unavoidably noisy data", the student wrote in his paper.

The master's student says this way of eavesdropping on what is being typed could be used to steal passwords and other credentials, social security numbers and credit card numbers, and to read messages that are typed.

"By their very nature of being wearable, these devices, however, provide a new pervasive attack surface threatening users' privacy, among others," Beltramelli wrote in the paper's abstract.

"The goal of this work is to raise awareness about the potential risks related to motion sensors built-in wearable devices and to demonstrate abuse opportunities leveraged by advanced neural network architectures."

The student tested out the method on keypads with 12 keys, but said the machine learning behind the device provided "above-average accuracy even when confronted with raw unprocessed data".

The results provided 73 percent accuracy for touchlogging and 59 percent for keylogging, although he said it would be "impossible" to detect which keys were pressed when a smartwatch was being worn on the hand not being used to type.

"Dramatically, these observations imply that a cyber-criminal would be able, in theory, to eavesdrop on any device operated by the user while wearing a WAD," the paper concludes.

"Thus granting access to sensitive and highly valuable information and possibly causing important damages."

wired.co.uk