Good thing the Predator alien isn't around today, because with its thermal vision, it would be able to make a killing stealing PIN numbers from ATM keypads. However, modern-day hackers are predators in their own right, so beware: the residual heat your fingertips leave behind on the keypad can be detected by infrared cameras, easily revealing the digits of your PIN.
Earlier this month, at the USENIX Workshop on Offensive Technologies, researchers Keaton Mowery, Sarah Meiklejohn and Stefan Savage of the University of California at San Diego (UCSD) presented a paper that showed how a digital infrared camera could be used to reveal digits of PIN numbers after a user punched them in on ATM keypads. When the camera was used immediately after the transaction, researchers correctly identified the numbers with over 80 percent accuracy. Even after a minute, researchers were able to correctly identify digits about 50 percent of the time.
Plastic and rubber keypads were most prone to retaining fingertip heat. Even so, they still had their flaws.
"With plastic keypads, we can reliably detect which buttons were pressed, but it is really difficult to determine the order," Keaton Mowery told Technology Review. Mowery, a doctoral student in computer science at UCSD, conducted his research with fellow student Sarah Meiklejohn and professor Stefan Savage.
Those low on cash might want to stick to ATMs with metal keypads.
"Essentially, if you pointed the camera directly at the metal keypad, it would show you the thermal fingerprint of you, the camera operator, rather than of the keypad itself," Meiklejohn said. "However, we didn't push it, because the plastic keypad did work. It's possible that someone else could solve those issues."
No reason to get too paranoid. Any hackers looking get their hands on thermal imaging gear are going to drain their own bank accounts first. Infrared camera's cost about $2,000 a month to rent and around $18,000 to buy.
Photo: Courtesy Keaton Mowery