HackDig : Dig high-quality web security articles for hacker

Card PIN Codes Revealed by Finger Heat Signature

2014-09-03 01:50
A smartphone equipped with an infrared camera may become the pickpockets’ favorite tool, as the kit can be used to detect the PIN code entered on PoS systems keyboards after the victim completes the transaction in a store.

Objects emit light based on the temperature they produce, and this can be caught by infrared cameras. Since during the interaction between two objects heat is exchanged, the PIN key presses can be revealed by the heat signature left behind by the finger.

Amazing as this may sound, such technology has been created to a scale so small that it can be integrated into a smartphone case, offering the convenience of portability.

FLIR One is a device that attaches to an iPhone 5 or 5s and allows capturing the heat signatures of different objects.

Blogger Mark Robber posted a video of him using the FLIR case to steal the PIN code of someone making a card transaction.

He showed that by simply capturing the keypad of the PoS system with the infrared camera he was able to detect not just the numbers of the protective code but also their sequence, because of heat dissipation.

During his tests, Robber says that the thermal signature persists for some time, and even if the chances of guessing the correct order dwindle as time passes, there is still at least a 50% chance to get the PIN accurately a minute after the victim enters the PIN.

In the scenario presented by Robber there is no need for a full minute to pass in order to capture the keypad of the payment system. Given that the infrared camera is attached to a phone, the device can be held casually over the pad in order to capture the heat signature.

The good news is that by simply resting some of the fingers on the keypad while entering the PIN, the heat exchange that occurs can mask the actual keys, eliminating the risk.

Also, the method does not work on all PoS systems, since some of them have keypads made of materials that can dissipate the heat very quickly; metal keys on ATM machines fall into this category.

However, most PoS systems have plastic keys that can retain heat and offer thieves the possibility to capture the security code and leave the task of lifting the wallet with the card to accomplices that could follow the victim outside the store and pickpocket them.

On the bright side, the accessory is pretty expensive ($349 / €266) and it is currently available only in the US. Such an investment could prove too costly for most pickpockets.


Source: lmths.513754-erutangiS-taeH-regniF-yb-delaeveR-sedoC-NIP-draC/swen/moc.aideptfos.swen

Read:2224 | Comments:0 | Tags:Security

“Card PIN Codes Revealed by Finger Heat Signature”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud