Now with just one click, identity thieves can steal your ATM PIN. A new camera uses heat sensors to see where you’ve been. Details after the jump.
Tat WZA
WZA on Google+
X Emma Rabid
You might want to rethink your ATM security procedures in the light of yet another new number-stealing hack. No longer is it enough just to shield the keypad from possibly hidden cameras, or avoid swiping your card to get into the bank during off-hours (skimmers often replace the door card-readers with their own). Now you also have to deal with thermal imaging.
Security researchers have discovered that pointing a thermal camera at a plastic keypad can read off your PIN as easily as if you had written it down. The heat from your fingers shows on the camera and all four digits of your PIN can be read with a success rate of 80% after ten seconds, and 60% 45 seconds after you have tapped them in.
Metal number pads are immune, but less conductive plastic pads store the heat so well that you can even tell in what order the buttons were pressed. The reading of the numbers can even be done using software.
While the researchers (Keaton Mowery, Sarah Meiklejohn and Stefan Savage from the UC San Diego) don’t think that thieves have used this technique yet, it looks like an easy job once you have bought an expensive thermal-imaging camera. Short of avoiding plastic pads altogether, I guess we should all start resting our fingers on extra buttons, just to be safe.
