PIN customers can avoid heat of thief's phone attachment

September 1, 2014 by Nancy Owano weblog
Credit: Flir

Engineer Mark Rober has some words of advice in guarding the safety of your PIN. His advice comes in the form of a video where he demonstrates that a thief can steal a PIN by using a thermal imaging attachment clipped to a smartphone. The good news is that the theft can be easily avoided. Anyone can protect the PIN from such ploys. As easy as it may seem to steal the data, it is just as easy to stop such attempts from succeeding. Rober invites his video viewers to watch him as he steps into a store and uses the technique. The customer in front of him in line keys in her PIN on the counter pad. As soon as he walks up to the register after the customer has left, his phone briefly hovers over the keypad. He used the device FLIR ONE for infrared thermal imaging, where you "see" the heat. With FLIR ONE, thermal imaging has found its way into the palm of the hand, and clips on the back of the iPhone to display infrared. Using it, one can see "the temperature" of things. Since the heat signature fades with time, the thief has the opportunity to estimate the order in which the keys were pressed. Pressed last were the hotter keys and pressed first were the dimmer keys.

The comforting news is that the trick will not work on all keypads. Metal keypads, he said, will not allow for a thermal signature to be left behind. Rubber and plastic pads did allow for thermal signatures. That resonates with a team who in the past discussed attacks. According to a paper in 2011, "Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks," researchers from the University of California San Diego explored the potential of using a thermal camera to recover codes typed into keypads.

They wrote that the material of the keypad made a huge difference. They said that "against metal keypads, the few runs that we did perform were almost completely abortive. Much of this can be attributed to the high conductivity of the metal, which meant that the heat residue remained localized to the key that had been pressed for only a few seconds; we also observed, however, that either the keypad itself or a paint put on the keypad caused it to act as a thermal mirror, meaning it was hard to even get a clear reading on the keypad at all. Therefore, at least based on our current results, the obvious approach to prevent our (and essentially any thermal-camera-based) attack would be to use metal keypads exclusively."

Rober said in his video that another important point to convey is that it is easy to avoid this risk; just rest your fingers on other buttons as you type in your code.

This video is not supported by your browser at this time.

FLIR ONE, meanwhile, was announced as an infrared camera for the iPhone (5 and 5s). "The dark ages are over, said the promotional video, because once you see the heat, you will never look at anything the same again. "We've taken the technological precision of military-grade night vision, and packed it into a wafer-form camera smaller than a dime," said its creators. Numerous beneficial applications for the device include home use, in detecting heat loss, energy inefficiency, and leaks; work support for contractors, in being able to quickly evaluate issues such as spill-tracing, electrical shorts, and radiant floor heating; surveying a campsite at night and finding a lost pet; and seeing through smoke. Creatives can observe patterns and artistic images.

Explore further: Researchers show ATM theft by thermal imaging


Related Stories

Researchers show ATM theft by thermal imaging

September 1, 2011

( -- A paper presented at the August USENIX Security Symposium (USENIX Security '11) in San Francisco explains how PINs can be stolen using digital cameras capable of thermal imaging. The paper, "Heat of the Moment: ...

Gadget Watch: iPhone case lets you see heat

January 10, 2014

Remember the alien with heat vision in the movie "Predator"? You, too, can now stalk people in the jungle by their heat signatures—or check your home insulation for leaks, whichever is most useful to you.

Exploring new methods of thermal recovery

August 13, 2014

Berna Hascakir, assistant professor in the Harold Vance Department of Petroleum Engineering at Texas A&M, was featured in a recent article on thermal recovery by Jennifer Pallanich in the Upstream Technology bimonthly magazine.

Recommended for you

Internet giants race to faster mobile news apps

October 4, 2015

US tech giants are turning to the news in their competition for mobile users, developing new, faster ways to deliver content, but the benefits for struggling media outlets remain unclear.

Radio frequency 'harvesting' tech unveiled in UK

September 30, 2015

An energy harvesting technology that its developers say will be able to turn ambient radio frequency waves into usable electricity to charge low power devices was unveiled in London on Wednesday.

Professors say US has fallen behind on offshore wind power

September 29, 2015

University of Delaware faculty from the College of Earth, Ocean, and Environment (CEOE), the College of Engineering and the Alfred Lerner School of Business and Economics say that the U.S. has fallen behind in offshore wind ...


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.