The PIN digits you punch into an ATM's keypad to authenticate your transactions are leaving traces of themselves behind in the form of heat, says a paper recently presented by a team of UC San Diego security researchers. Someone following immediately behind an ATM user can use a digital infrared camera to determine what keys were pushed with about 80 percent accuracy, their study shows. Even a full minute later the camera can pick up the correct digits about half the time.
But while its easy enough for a criminal type to determine the digits in your pin with an IR camera, it's fairly difficult to determine the order. And the hack only seems to work on plastic keypads--metal returns too much heat noise for the IR camera to reliably discern with keys were just pressed.
Then there's the fact that an IR camera isn't exactly an implement of petty crime. By the time one amassed the princely sum (around $18,000 to buy a good rig--the $150 Midnight/Shot won't cut it) necessary to acquire one, he or she probably wouldn't need to steal ATM PINs anymore.
But none of that changes the fact that a security scheme on which most people regularly rely has a fairly exploitable hole. And it doesn't just go for ATM machines--keypad safes, security doors, keypad activated garage doors, even the keypads that open up some car doors are susceptible to the IR hack, particularly where plastic keypads are involved.
Of course, to thwart the scheme you could simply place your hand over the entire keypad to impart heat to every key after you punch in your PIN. And if that doesn't jive with you germophobic readers, you can always just preemptively Mace the person behind you in line each time you visit the ATM. Better safe than sorry.
i cant believe this!! me and my sister just got two i-pads for $42.77 each and a $50 amazon card for $9. the stores want to keep this a secret and they dont tell you. go here http://tiny.cc/71l2f
After you finish your transition and you are about to leave the ATM, just press several numbers randomly. It will not activate anything and you just left a confusing impression.
Just withdraw $1,234,567,890 each time.
this should be easy to fix. 2 solutions or a combo of both.
change the material used to make the buttons. something that is even less conductive of heat than those plastic(?) buttons. you could heat the buttons just a little an easy and cheap way to do this would be to redirect some of the ATMs natural machine and computer heat exhaust up into the button panel. It would not take much at to throw off readings.
You can also defeat this technique using an old thimble on a finger or a rubber thimble cover.
But Bubbagump is right--just continue pressing a dozen or so keys randomly after you finish up your transaction.
What ATM's should all have is a PIN # and a swipe of your fingerprint. Why make it easy for the thieves?
This is very interesting info; I will be going with the 'press random numbers before leaving the ATM' solution also.
What crackhead thief carries around a $5,000 FLIR camera?
i always use my keys to push the buttons, never my fingers - do you know how many unsanitary hands touch the keypad?!! *gross* If you don't touch it, you can't leave any heated fingerprints behind! ;o)
This is stupid, why even write an article covering a way to commit a crime if it's not even a problem. Probably hasn't been done . Somebody has been watching too many mission impossible movies.
"yea but what are we gonna do about people repelling face first from the side of the building and watching you input your pin from above, silently and then disappearing in a cloud of ninja smoke?
That possibility needs to be addressed. Hope I didnt give any international spies any ideas.
So the equipment for the robbery costs more than the 400 you may get at the ATM.
Why do we still have ATm's ? If u have a card , use your card.
I've made it 5 years only using cash for 1 thing.
Ok now you have the pin number how are you going to get the account number?
Exactly, create a problem that doesn't exist and write about it. Tabloid
I use outside ATM in the Arizona desert...yeah, everything is hot. that way all the get is red...the extra key punches are a good idea for you Minnesota residence
I did this in the classic PC-DOS game Cyberia back in '94.
What do they mean, fairly difficult to determine the order? It's obvious from the picture: 4158 (coldest to hottest keys).
Hey, wait a minute ... that's MY PIN!!
@NOM: I LOL-ed when I read your comment.
@BubbleGumMonkey: Keys! I wish I had thought of that sooner. I've been using my tongue. (Seriously - I use the 2nd knuckle of my left index finger.)
@ Everybody: Folks, thieves need the card AND the PIN to steal the money. So, just don't lose your card and you'll be fine.
@rettaH_daM, in Brazil, it’s a everyday occurrence to blow up a ATM, grab the money and run! ATM and PINS only deter honest people from temptation. Nothing stops a dedicated thief!
"can also defeat this technique using an old thimble on a finger or a rubber thimble cover." ummm.... no!
I thought about this a little bit, and atms have cameras, it should be easy enough to track the person down who stole your number. Either when he steps up after you or uses your number at an ATM.
BUT... I live in Japan and when I went to my AMT last night, I realized something. Just use ATMs like Japan does. They all (100%) have LCD touch screens. if anything, the ambient heat from the LCD would render any afterimage all but useless.
i also think you had to do this in the very first splinter cell game. not an ATM, but a KEY pad nonetheless.
Good news, Brazil after several thousand of their ATM been exploded, learn to put ink in the money, their by ruining the money if it get stolen or exploded. YEA, GO BRAZIL!