PIN customers can avoid heat of thief's phone attachment

Sep 01, 2014 by Nancy Owano weblog

Engineer Mark Rober has some advice on guarding your PIN. It comes in the form of a video in which he demonstrates that a thief can steal a PIN by using a thermal imaging attachment clipped to a smartphone. The good news is that the theft can be easily avoided: as easy as it may seem to steal the data, it is just as easy to stop such attempts from succeeding.

Rober invites viewers to watch as he steps into a store and uses the technique. The customer in front of him in line keys in her PIN on the counter pad. As soon as he walks up to the register after the customer has left, his phone briefly hovers over the keypad. He used the FLIR ONE, an infrared thermal imaging device that lets you "see" the heat. With FLIR ONE, thermal imaging has found its way into the palm of the hand; the device clips onto the back of the iPhone to display infrared, and using it one can see "the temperature" of things. Since the heat signature fades with time, the thief has the opportunity to estimate the order in which the keys were pressed: the hotter keys were pressed last and the dimmer keys were pressed first.

The comforting news is that the trick will not work on all keypads. Metal keypads, he said, will not allow a thermal signature to be left behind; rubber and plastic pads did. That echoes a team that studied such attacks in the past. In a 2011 paper, "Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks," researchers from the University of California San Diego explored the potential of using a thermal camera to recover codes typed into keypads.

They wrote that the material of the keypad made a huge difference. They said that "against metal keypads, the few runs that we did perform were almost completely abortive. Much of this can be attributed to the high conductivity of the metal, which meant that the heat residue remained localized to the key that had been pressed for only a few seconds; we also observed, however, that either the keypad itself or a paint put on the keypad caused it to act as a thermal mirror, meaning it was hard to even get a clear reading on the keypad at all. Therefore, at least based on our current results, the obvious approach to prevent our (and essentially any thermal-camera-based) attack would be to use metal keypads exclusively."

Rober said in his video that another important point to convey is that it is easy to avoid this risk; just rest your fingers on other buttons as you type in your code.


FLIR ONE, meanwhile, was announced as an infrared camera for the iPhone (5 and 5s). "The dark ages are over," said the promotional video, because once you see the heat, you will never look at anything the same again. "We've taken the technological precision of military-grade night vision, and packed it into a wafer-form camera smaller than a dime," said its creators. Numerous beneficial applications for the device include home use, in detecting heat loss, energy inefficiency, and leaks; work support for contractors, in being able to quickly evaluate issues such as spill-tracing, electrical shorts, and radiant floor heating; surveying a campsite at night and finding a lost pet; and seeing through smoke. Creatives can observe patterns and artistic images.


More information:
www.flir.com/flirone/press/FLI… E_Launch_Release.pdf
cseweb.ucsd.edu/~kmowery/papers/thermal.pdf
www.flir.com/flirone/
www.iclarified.com/43496/video… with-an-iphone-watch
