Cheap Thermal Imagers Can Steal User PINs

Bismillah writes: A British infosec company has discovered that cheap thermal imaging attachments for smartphones can be used to work out which keys users press on -- for instance -- ATM PIN pads. The thermal imprint last for a minute or longer. That's especially worrying if your PIN takes the form of letters, as do many users' phone-unlock patterns.

Re:Simple solution

[Tx]

It is old news that thermal imaging cameras can be used to steal PINs. What I guess is news is that you can get a $250 phone add-on that's up to the task; I'm pretty sure that wasn't the case until quite recently.

I question the practicality of this technique for ATMs; you still need a clone of the card to use the PIN. And if you're going to install a card skimmer to clone cards, the traditional technique of using a pinhole camera to record the PIN entry works just fine, and probably way more reliable. So I'm not sure what the use-case is for this technique; maybe door-entry systems that only require a PIN, I guess.