Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cheap Thermal Imagers Can Steal User PINs

Posted by timothy on from the palm-that-PIN-pad dept.

Bismillah writes: A British infosec company has discovered that cheap thermal imaging attachments for smartphones can be used to work out which keys users press on -- for instance -- ATM PIN pads. The thermal imprint last for a minute or longer. That's especially worrying if your PIN takes the form of letters, as do many users' phone-unlock patterns.

1 of 101 comments (clear)

  1. Re:Simple solution by jeffb+(2.718) · · Score: 3, Informative

    You're confusing near infrared (700-900nm) with thermal infrared (5000-15000nm). The only way conventional cameras can detect thermal radiation is if the subject is hot enough to glow.

    Radio Shack used to sell little cards with a phosphor that, once "charged" with blue light, would fluoresce visibly when it was hit with near-infrared. You could use a glass lens to focus and see a near-infrared image on the card. I was able to adjust the current through a heating element so that it wasn't visibly glowing, but could be seen on the card -- but it was still at a temperature of several hundred degrees C.

    To see thermal radiation from something near room or body temperature, you need an entirely different type of sensor. The cheap imagers use "microbolometer arrays", essentially an array of little thermometers with extremely low thermal mass.