Cheap Thermal Imagers Can Steal User PINs
Bismillah writes: A British infosec company has discovered that cheap thermal imaging attachments for smartphones can be used to work out which keys users press on -- for instance -- ATM PIN pads. The thermal imprint lasts for a minute or longer. That's especially worrying if your PIN takes the form of letters, as do many users' phone-unlock patterns.
A simpler solution: press more numbers after you press "enter" on the keypad.
http://www.geoffreylandis.com
Just wipe the screen or keys and then breathe on it, if you're really worried about this (there's very, very little reason to be, really).
With modern oleophobic screens you might not even need to wipe it down.
different heat intensity, the older the colder, work backwards and you have your order (assuming it's a keypad)
I recall seeing a demo of this probably two years ago. It's easily countervened by placing your fingers on all the keys (without pressing, of course) after you've entered your PIN.
#DeleteChrome
They'd have to be watching them physically to know the order. This is bullshit.
4 digits: 10,000 possible combinations. Know the 4? 24 possible orders, in the worst case with no repeated digits. You really don't think that's important, huh?
And that's assuming that the thermal imaging gives no clues about order, which I suspect is actually not true...
A simpler solution: press more numbers after you press "enter" on the keypad.
I thought this was old news. I usually hold some of my fingers lightly on the unused keys to warm them up without pressing, but this could be even better to keep the heating times equal.
Escher was the first MC and Giger invented the HR department.
Use the thermal goggles, Fisher. They should allow you to see the heat signatures on the keypads.
How can I believe you when you tell me what I don't want to hear?
I press the buttons with my penis. The ensuing hysteria prevents anyone from focusing on the touch screen.
it's in the article. the devices usually don't have enough bitdepth to resolve order, but they found two s00p@r-s3kr!t ways to do it which they aren't disclosing.
This has been possible for quite some time now, and is hardly breaking news. The story is so old that the first time it was posted, Slashdot still came on clay tablets.
Just cruising through this digital world at 33 1/3 rpm...
It is old news that thermal imaging cameras can be used to steal PINs. What I guess is news is that you can get a $250 phone add-on that's up to the task; I'm pretty sure that wasn't the case until quite recently.
I question the practicality of this technique for ATMs; you still need a clone of the card to use the PIN. And if you're going to install a card skimmer to clone cards, the traditional technique of using a pinhole camera to record the PIN entry works just fine, and probably way more reliable. So I'm not sure what the use-case is for this technique; maybe door-entry systems that only require a PIN, I guess.
Oh no... it's the future.
Yet another way for the extra paranoid: use a pen or something instead of your fingers. As a bonus, they won't get your fingerprints. But first, cover the area with tinfoil and foam. The latter is important because audible clicks might reveal the keying pattern -- it's been done with computer keyboards to some extent.
Or do what many games do and randomize the number pad for each user or key press.
while(1) attack(People.Sandy);
I question the practicality of this technique for ATMs; you still need a clone of the card to use the PIN.
Or just steal the card.
note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
It is old news that thermal imaging cameras can be used to steal PINs. What I guess is news is that you can get a $250 phone add-on that's up to the task; I'm pretty sure that wasn't the case until quite recently.
In other old news, a lot of cameras are sensitive to infrared, and they use a blueish filter to limit themselves to the visible spectrum. Removing that and adding another filter for the higher frequencies is a cheap way to convert the phone's own camera for thermal imaging.
Ah, but I use a palindromic PIN - hah!
My number is 11111, good luck figuring out the exact order.
It's not that easy. You can't detect infrared without cooling the sensor to temperatures that are below the temperatures you want to measure.
I'm sorry but I see like two dozen people giving idiotic ideas and advising against each other's workarounds. Put the damn phone in your pocket, it will be so hot your fingers simply won't matter.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
I haven't used an ATM in decades. I simply buy something at Walmart or Sam's Club and get cash back using my Discover card. It's far easier to find a Walmart than your bank's ATM. It's not uncommon for me to walk in to Walmart and walk out with $60 cash and a bag of Lindt chocolates. I even have a name for it, I call it a "truffle withdrawal".
Interesting assertion. How do radio antennas work, then?
They don't detect photons as particles, instead antennae detect the electricity induced by changing electromagnetic field. Anyway, you can check these thermal cameras, they all have a small Peltier cooler.
Enter your pin, then hit 1-0 on the keypad. Problem solved. I've actually been doing that for a couple years now, don't remember why.
How do you concentrate on the rest of the transaction with all the hysterical laughter distracting you?
I only use the center key and type my PIN in Morse code.
How about simply using your keys to stab at the buttons? You're usually going to have them on you; a pen or stylus or something else may not be.
..Mullah or Pope, Preacher or Poet, who was it wrote: "Give any one species too much rope and they'll fuck it up"?
... to notice general trends. Over multiple ATMs in my city, I have concluded that the number 5 is the most frequently used digit on a pin pad. Whether that is enough information to make it easier to crack someone's pin is debatable, but I thought it was interesting.
File under 'M' for 'Manic ranting'
Except though, how often do you only press the four digits of your pin? When you make a deposit of $10 or more you need to press at least 4 digits, the dollars and cents. So now you've pressed 8 numbers, and someone has to figure out which of the 8 buttons are for the pin #.
After 3 failed attempts the machine eats the card, and if it's retail the card gets disabled.
So even best case scenario of having 24 combinations, you won't make it past 3 attempts.
You're confusing near infrared (700-900nm) with thermal infrared (5000-15000nm). The only way conventional cameras can detect thermal radiation is if the subject is hot enough to glow.
Radio Shack used to sell little cards with a phosphor that, once "charged" with blue light, would fluoresce visibly when it was hit with near-infrared. You could use a glass lens to focus and see a near-infrared image on the card. I was able to adjust the current through a heating element so that it wasn't visibly glowing, but could be seen on the card -- but it was still at a temperature of several hundred degrees C.
To see thermal radiation from something near room or body temperature, you need an entirely different type of sensor. The cheap imagers use "microbolometer arrays", essentially an array of little thermometers with extremely low thermal mass.
Untrue. All cheap contemporary thermal sensors are uncooled, and can measure temperatures well below their own operating temperature.
Think of it this way: each imaging element is exposed to thermal radiation from one small rectangle (pixel) of the overall scene. If the temperature of that part of the scene is higher than the imaging element's temperature, the element will gain energy; if the temperature of that part of the scene is lower than the imaging element's temperature, the element will lose energy, by radiating it toward the scene.
They don't detect photons as particles, instead antennae detect the electricity induced by changing electromagnetic field. Anyway, you can check these thermal cameras, they all have a small Peltier cooler.
Nope. As far as I know, none of the sensors that are marketed at sub-five-figure (USD) price points are actively cooled.
Here's a video showing a teardown of the SeeK Thermal unit. Look, Ma -- no cooler!
That's called a pleonasm.
It's the not-as-clever-as-you-think-you-are way to solve problems. Think of something "obvious" and then assume the people actually working on it were too stupid to consider it. Job's done.
Brought to you by the Department of Making Things Worse.
Actually, the Russians also bought the space pen. No one used pencils in space, since the graphite dust would ruin everything.
Grease pencils, no graphite involved. https://en.wikipedia.org/wiki/...
https://en.wikipedia.org/wiki/Inverted_totalitarianism
This only works if someone has your PIN and a gun, and you don't have a gun. If they don't have a gun and they use this to get your PIN and then they tell you to give them your card, you just shoot them in the neck, make an ironic comment about them not needing your PIN, and go home. If they've got a gun and you haven't, then you're giving them the card and PIN anyway. There's like no scenario when you need to breathe on the keys, press extra ones etc.
randomize the keyboard layout. i've seen the door keypads at an FBI office which randomize the keypad layout. re-randomizing it after each press could help, too. who says passwords need to be letters and numbers? how about passwords that are a sequence of cat pictures?
now we need to go OSS in diesel cars
The video shows someone pressing each of the keys firmly for a second or longer so that the keys have time to heat up. Who the hell enters a PIN like that?
24 possible orders, 3 attempts before the card is blocked. That's only a 12.5% chance of success. It's not a practical attack for criminals. They will stick to more reliable methods.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
24 possible orders, 3 attempts before the card is blocked. That's only a 12.5% chance of success. It's not a practical attack for criminals. They will stick to more reliable methods.
According to the article, many locks do not have any lockout after any number of failed attempts.
In other old news, a lot of cameras are sensitive to infrared, and they use a blueish filter to limit themselves to the visible spectrum. Removing that and adding another filter for the higher frequencies is a cheap way to convert the phone's own camera for thermal imaging.
Yes to the first part, no to the second.
Most cameras use silicon detectors (because they're cheap). Silicon is sensitive out to about 1 micron wavelength. Humans can't see much past 0.7 microns, so silicon is sensitive to some of the spectrum that's in the infrared... but one micron isn't yet in the thermal infrared, so you won't see heat from stuff that's around 310 K (body temperature) or so with a camera not specifically designed to go farther into the IR.
http://www.geoffreylandis.com
A simpler solution: press more numbers after you press "enter" on the keypad.
Or before. Punch in a wrong code, hit clear, then enter the right one. Or both.
Or you could just use a longer PIN like I do. Even if they know what keys I pressed, they don't know what order -- and that's a significant problem when the code could be 4, 5, 6, 7, or 8 digits long. Default PINs are minimum length, but chances are you can choose a longer one.
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
The simplest solution would probably be to enter a random key sequence before the pass key phase. At that point it would be harder to tell which keys were used for the pass key and which were random.
The main advantage is that this can be retrofitted via software fairly easily.
Jumpstart the tartan drive.
My PIN is all ones, but nobody will find out in what order.
Well, well
A simpler solution: press more numbers after you press "enter" on the keypad.
I thought this was old news. I usually hold some of my fingers lightly on the unused keys to warm them up without pressing, but this could be even better to keep the heating times equal.
I appreciate the tactics and countermeasures, but seriously, is this really a concern?
really?
Flappinbooger isn't my real name
I use different fingers for each key - now what?
The cesspool just got a check and balance.
do you enjoy taking money out of random asian country atm's?
then, no. you're not going to get a longer pin on your card even if your bank allowed it.
which made me wonder how many "letters" can you make with 4 buttons of a 9 pattern anyways? what a bizarre thing to add into the blurb. lowercase J, L , I? seriously what a bizarre thing to add! also I've never encountered anyone using a "letter" pin code on an atm/cc card.
world was created 5 seconds before this post as it is.
do you enjoy taking money out of random asian country atm's?
then, no. you're not going to get a longer pin on your card even if your bank allowed it.
How onerous is it to use a 5-digit PIN instead of a 4-digit one, especially if you use the same digit twice in a row? Is it really that much harder to enter 11234 than it is to enter 1234? Doing so multiplies the search space for attackers though, completely disproportional to the extra effort for you.
How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
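The search-space arithmetic argued over in the comments above (24 orderings, three attempts, repeated digits, longer PINs, decoy presses), worked through as an added example that is not part of any poster's comment. It assumes the thermal image reveals only which keys are warm and nothing about order, and that every candidate PIN is equally likely; all function names are hypothetical.

```python
from math import comb

def orderings(warm_keys: int, pin_len: int) -> int:
    """PINs of length pin_len that press each of warm_keys distinct keys
    at least once (inclusion-exclusion count of surjections)."""
    if warm_keys < 1 or pin_len < warm_keys:
        return 0
    return sum((-1) ** j * comb(warm_keys, j) * (warm_keys - j) ** pin_len
               for j in range(warm_keys + 1))

def candidates(warm_keys: int, lengths) -> int:
    """Candidate PINs when the length is only known to lie in `lengths`."""
    return sum(orderings(warm_keys, n) for n in lengths)

def candidates_with_decoys(warm_keys: int, pin_len: int) -> int:
    """After decoy presses the PIN may use any subset of the warm keys,
    so every sequence over those keys is still possible."""
    return warm_keys ** pin_len

def guess_odds(n_candidates: int, attempts: int) -> float:
    """Chance that `attempts` distinct guesses include the PIN
    (assumption: all candidates equally likely)."""
    if n_candidates <= 0:
        return 0.0
    return min(attempts, n_candidates) / n_candidates

if __name__ == "__main__":
    # Constructed scenarios, each mirroring a claim made in the thread.
    scenarios = [
        ("4 warm keys, 4-digit PIN", orderings(4, 4)),
        ("3 warm keys, 4-digit PIN (one repeat)", orderings(3, 4)),
        ("1 warm key, 5-digit PIN (all ones)", orderings(1, 5)),
        ("4 warm keys, 5-digit PIN", orderings(4, 5)),
        ("4 warm keys, length 4 to 8 unknown", candidates(4, range(4, 9))),
        ("all 10 keys warmed, 4-digit PIN", candidates_with_decoys(10, 4)),
    ]
    for label, n in scenarios:
        print(f"{label:40s} {n:6d} candidates, "
              f"3 tries succeed {guess_odds(n, 3):.4%}")
```

With a three-attempt lockout the 24-ordering case stays at 12.5%, while an unknown length or warming every key pushes the odds well below 0.1%; without any lockout none of these counts offers real protection.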
Photons do not work that way.
A "security" company has discovered that a cheap, easily available gun can be used to harm or even kill a user at a distance by projecting a small piece of dense metal into the body. The damage has been shown to last a minute or longer.
That's especially worrying if you are ever within the line-of-sight of another human being, as so many users are! Click through for our press release and support our pioneering work.