Cheap Thermal Imagers Can Steal User PINs

Bismillah writes: A British infosec company has discovered that cheap thermal imaging attachments for smartphones can be used to work out which keys users press on -- for instance -- ATM PIN pads. The thermal imprint last for a minute or longer. That's especially worrying if your PIN takes the form of letters, as do many users' phone-unlock patterns.

Not new news

[93+Escort+Wagon]

I recall seeing a demo of this probably two years ago. It's easily countervened by placing your fingers on all the keys (without pressing, of course) after you've entered your PIN.

Re:How would they know the order?

[sribe]

They'd have to be watching them physically to know the order. This is bullshit.

4 digits: 10,000 possible combinations. Know the 4? 24 possible orders, in the worst case with no repeated digits. You really don't think that's important, huh?

And that's assuming that the thermal imaging gives no clues about order, which I suspect is actually not true...