Slashdot Mirror

← Back to Stories (view on slashdot.org)

How To Steal ATM PINs With a Thermal Camera

Posted by CmdrTaco on from the i-see-what-you-did-there dept.

An anonymous reader writes "Researchers from UCSD have demonstrated how thermal imagery cameras can be used to steal customers' PINs (PDF) when you withdraw cash from ATMs. Their paper, entitled 'Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks', (PDF) discovered that plastic PIN pads were the best for retaining heat signatures showing which numbers (and in which order) were used by bank customers. Fortunately the methodology does not appear to have been used by criminals yet, but a third of people surveyed admit that they do not check ATMs for tampering before withdrawing cash."

6 of 157 comments (clear)

  1. Now get back in line. by suso · · Score: 3, Insightful

    but a third of people surveyed admit that they do not check ATMs for tampering before withdrawing cash.

    A person checking an ATM for tampering may look like they are tampering with an ATM. Now get back in line.

    1. Re:Now get back in line. by The+Moof · · Score: 5, Insightful

      Not to mention that the average person likely has no idea what a card skimmer looks like when compared to the card reader on an ATM.

    2. Re:Now get back in line. by Anonymous Coward · · Score: 2, Insightful

      This is what I was thinking. I actually *do* look for tampering, but even after seeing examples of card skimmers, I have doubts of my own ability to actually detect one.

  2. Wallet corner defense by Anonymous Coward · · Score: 3, Insightful

    I use the corner of my wallet to to press the keys, let's see them work with that.

  3. Re:Touch typing defense by Not_Wiggins · · Score: 3, Insightful

    It looks likely you were mostly joking (so, that makes me feel equally bad about admitting this).
    But, when putting in my PIN, I typically rest several fingers on different numbers, move my hand around, and punch my PIN in that way, obscuring what I'm doing (not the typical one finger, one press approach).

    For me, it was about making it tough for someone with a video camera set up to watch the ATM to figure out what my PIN is based on finger movement alone.

    I suppose to that end, would getting the heat signature really be that superior to having a video camera set up with a telephoto lens?
    And if we were ever worried about heat signature, wouldn't simply wearing gloves defeat this "potential attack?"

    Seems someone has figured out a complex way of collecting PINs.

    Why not set up a loop of wire and, based on the different lengths of connection between electricity that flows from pressed keys to the processor, infer which key is pressed?

    Right... it would cost more in time, money, and effort than one could make simply waiting for someone to walk up and rob with a gun.

    --
    Diplomacy is the art of saying, "Nice doggie!" until you can find a rock.
  4. Re:Easy to Avoid by S.O.B. · · Score: 3, Insightful

    Urine is likely cleaner than what you normally find on ATMs. So you're doing a public service by "rinsing off" the keypad.

    --
    Some of what I say is fact, some is conjecture, the rest I'm just blowing out my ass...you guess.