PIN customers can avoid heat of thief's phone attachment

Sep 01, 2014 by Nancy Owano weblog
Credit: Flir

Engineer Mark Rober has some advice on guarding the safety of your PIN. It comes in the form of a video in which he demonstrates that a thief can steal a PIN by using a thermal imaging attachment clipped to a smartphone. The good news is that the theft can be easily avoided. Anyone can protect the PIN from such ploys: as easy as it may seem to steal the data, it is just as easy to stop such attempts from succeeding.

Rober invites his video viewers to watch him as he steps into a store and uses the technique. The customer in front of him in line keys in her PIN on the counter pad. As soon as he walks up to the register after the customer has left, his phone briefly hovers over the keypad. He used the FLIR ONE, a device for infrared thermal imaging that lets you "see" the heat. With FLIR ONE, thermal imaging has found its way into the palm of the hand; it clips onto the back of the iPhone to display infrared. Using it, one can see "the temperature" of things. Since the heat signature fades with time, the thief has the opportunity to estimate the order in which the keys were pressed: the hotter keys were pressed last and the dimmer keys were pressed first.

The comforting news is that the trick will not work on all keypads. Metal keypads, he said, do not allow a thermal signature to be left behind, while rubber and plastic pads do. That is consistent with what a team that discussed such attacks in the past found. According to a paper in 2011, "Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks," researchers from the University of California San Diego explored the potential of using a thermal camera to recover codes typed into keypads.

They wrote that the material of the keypad made a huge difference. They said that "against metal keypads, the few runs that we did perform were almost completely abortive. Much of this can be attributed to the high conductivity of the metal, which meant that the heat residue remained localized to the key that had been pressed for only a few seconds; we also observed, however, that either the keypad itself or a paint put on the keypad caused it to act as a thermal mirror, meaning it was hard to even get a clear reading on the keypad at all. Therefore, at least based on our current results, the obvious approach to prevent our (and essentially any thermal-camera-based) attack would be to use metal keypads exclusively."

Rober said in his video that another important point to convey is that it is easy to avoid this risk; just rest your fingers on other buttons as you type in your code.
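To see why resting fingers on other keys helps, the following added example (not from Rober's video or the UCSD paper) counts how many PINs remain consistent with what a thermal image shows. The `candidates` function, the key labels and the model are constructed for illustration; it assumes that touching extra keys makes heat order useless as a guide to press order.

```python
from itertools import product

def candidates(warm_keys, pin_len, last_press_order=None, decoys_possible=False):
    """Count PINs consistent with a thermal observation (illustrative model).

    warm_keys        -- keys that show heat residue
    last_press_order -- warm keys from coolest to hottest, if the image
                        resolves it (stands in for order of last press)
    decoys_possible  -- True if the user may have rested fingers on keys
                        that are not in the PIN (assumed to void the order)
    """
    warm = set(warm_keys)
    count = 0
    for pin in product(sorted(warm), repeat=pin_len):
        if not decoys_possible:
            # Without decoys, every warm key must appear in the PIN.
            if set(pin) != warm:
                continue
            if last_press_order is not None:
                # Order in which each distinct key was pressed for the last time.
                last = sorted(
                    warm,
                    key=lambda k: max(i for i, d in enumerate(pin) if d == k),
                )
                if last != list(last_press_order):
                    continue
        count += 1
    return count

if __name__ == "__main__":
    # Constructed observations for a 4-digit PIN.
    print("4 warm keys, order visible :", candidates("2580", 4, "2580"))
    print("4 warm keys, order faded   :", candidates("2580", 4))
    print("3 warm keys (repeat digit) :", candidates("258", 4))
    print("8 warm keys, decoys touched:",
          candidates("12345678", 4, decoys_possible=True))
```

In this model a clear thermal gradient over four distinct keys leaves a single candidate, while eight warm keys with no usable ordering leave 4096.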


FLIR ONE, meanwhile, was announced as an infrared camera for the iPhone (5 and 5s). "The dark ages are over," said the promotional video, because once you see the heat, you will never look at anything the same again. "We've taken the technological precision of military-grade night vision, and packed it into a wafer-form camera smaller than a dime," said its creators. Numerous beneficial applications for the device include home use, in detecting heat loss, energy inefficiency, and leaks; work support for contractors, in being able to quickly evaluate issues such as spill-tracing, electrical shorts, and radiant floor heating; surveying a campsite at night and finding a lost pet; and seeing through smoke. Creatives can observe patterns and artistic images.


More information: www.flir.com/flirone/press/FLI… E_Launch_Release.pdf
cseweb.ucsd.edu/~kmowery/papers/thermal.pdf
www.flir.com/flirone/
www.iclarified.com/43496/video… with-an-iphone-watch
