Slashdot Mirror

← Back to Stories (view on slashdot.org)

How To Steal ATM PINs With a Thermal Camera

Posted by CmdrTaco on from the i-see-what-you-did-there dept.

An anonymous reader writes "Researchers from UCSD have demonstrated how thermal imagery cameras can be used to steal customers' PINs (PDF) when you withdraw cash from ATMs. Their paper, entitled 'Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks', (PDF) discovered that plastic PIN pads were the best for retaining heat signatures showing which numbers (and in which order) were used by bank customers. Fortunately the methodology does not appear to have been used by criminals yet, but a third of people surveyed admit that they do not check ATMs for tampering before withdrawing cash."

14 of 157 comments (clear)

  1. Touch typing defense by rwa2 · · Score: 4, Funny

    Hmm, I knew there was a reason that I rested all of my fingers uniformly across the keypad, gently caressing their every ridge and facet as I discreetly pumped out my digits into their PIN pad. Well, another reason, at least.

    Also I try to think about a completely different song than the one that corresponds to the letters that correspond to the numbers of my PIN, just to thwart any brainwave phreaking attacks as well.

    But still hoping we score some decent security measures out of this, like maybe a bank-issued gold card or something.

    1. Re:Touch typing defense by Herkum01 · · Score: 4, Funny

      I rested all of my fingers uniformly across the keypad, gently caressing their every ridge and facet as I discreetly pumped out my digits

      Have you considered a career writing Harlequin novels?

    2. Re:Touch typing defense by nedlohs · · Score: 4, Funny

      Just set the keypad on fire.

    3. Re:Touch typing defense by Not_Wiggins · · Score: 3, Insightful

      It looks likely you were mostly joking (so, that makes me feel equally bad about admitting this).
      But, when putting in my PIN, I typically rest several fingers on different numbers, move my hand around, and punch my PIN in that way, obscuring what I'm doing (not the typical one finger, one press approach).

      For me, it was about making it tough for someone with a video camera set up to watch the ATM to figure out what my PIN is based on finger movement alone.

      I suppose to that end, would getting the heat signature really be that superior to having a video camera set up with a telephoto lens?
      And if we were ever worried about heat signature, wouldn't simply wearing gloves defeat this "potential attack?"

      Seems someone has figured out a complex way of collecting PINs.

      Why not set up a loop of wire and, based on the different lengths of connection between electricity that flows from pressed keys to the processor, infer which key is pressed?

      Right... it would cost more in time, money, and effort than one could make simply waiting for someone to walk up and rob with a gun.

      --
      Diplomacy is the art of saying, "Nice doggie!" until you can find a rock.
  2. Now get back in line. by suso · · Score: 3, Insightful

    but a third of people surveyed admit that they do not check ATMs for tampering before withdrawing cash.

    A person checking an ATM for tampering may look like they are tampering with an ATM. Now get back in line.

    1. Re:Now get back in line. by The+Moof · · Score: 5, Insightful

      Not to mention that the average person likely has no idea what a card skimmer looks like when compared to the card reader on an ATM.

    2. Re:Now get back in line. by Joce640k · · Score: 4, Interesting

      but a third of people surveyed admit that they do not check ATMs for tampering before withdrawing cash.

      Two thirds of them do? I find that very hard to believe.

      --
      No sig today...
    3. Re:Now get back in line. by kevinNCSU · · Score: 4, Interesting

      After looking at the pictures of scanners in this ( Consumerist Security Briefing from Gawker) I don't think I could tell even if someone put 4 ATM machines in front of me and told me one of them had a skimmer, pick it out. These things fit so perfectly over the card reader it seems near impossible to tell without pulling out a knife and seeing if you can get anything to pop off, and I don't think that'd make most places happy.

  3. Wallet corner defense by Anonymous Coward · · Score: 3, Insightful

    I use the corner of my wallet to to press the keys, let's see them work with that.

  4. Re:Oh Sure, Academia Accepts THAT Paper by Anonymous Coward · · Score: 4, Funny

    And don't ever use Gamma Rays, you don't want the Hulk chasing you after you've pilfered his bank account.

  5. Easy to Avoid by tucara · · Score: 5, Funny

    Just make sure you add a bunch of heat on all the number keys before you leave to mess up their analysis. I recommend urinating on the keypad to get a good even distribution.

    1. Re:Easy to Avoid by S.O.B. · · Score: 3, Insightful

      Urine is likely cleaner than what you normally find on ATMs. So you're doing a public service by "rinsing off" the keypad.

      --
      Some of what I say is fact, some is conjecture, the rest I'm just blowing out my ass...you guess.
  6. Thermal imaging? That stuff is fun and expensive.. by Lonewolf666 · · Score: 4, Funny

    Even as a usually law-abiding citizen, I might be tempted to steal that camera thingy if i find it. The fact that it was put there by criminals would greatly reduce my pangs of conscience ;-)

    --
    C - the footgun of programming languages
  7. The Efficient Method by syntap · · Score: 3, Informative

    Isn't it cheaper to simply mug the ATM user after they are done and take cash while out of sight of the ATM machine's own camera? You'd have to do that anyway to get the card from them. Why get all technical?