Californian researchers have demonstrated a new method that crooks could use to read out the card PINs of unsuspecting customers.
In many larger cities, rigged ATMs have become a plague. To rig one, however, criminals must first get to the device, for example to install hidden cameras and good magnetic stripe readers.
Scientists at the University of California at San Diego have now demonstrated a new method with which the PIN can be read more easily: by means of the residual heat that accumulates on the keyboard, whose infrared radiation is picked up by a thermal imaging camera.
In their study, the researchers working with computer science doctoral student Keaton Mowery managed to reconstruct the selected numbers in more than 80 percent of all cases, provided the reading was taken immediately. A minute later, the chances of success fell to 50 percent.
The research, which Mowery carried out together with fellow student Sarah Meiklejohn and Professor Stefan Savage, builds on an earlier investigation by the well-known security researcher Michal Zalewski. As early as 2005, he had used a thermal imaging camera to determine the numbers entered on the electronic keyboard of a safe. With some devices this worked even after five minutes. With the ATMs tested by UCSD, however, a reading after 90 seconds was correct in only about 20 percent of all cases.
The infrared method can bypass other protective strategies, such as covering the keyboard. An ATM user can get around the problem, however, by placing the entire hand on the keyboard to warm all the keys. If the ATM also uses the keyboard for the entry of additional numbers, such as the amount withdrawn, that contributes to additional errors, says Meiklejohn.
The method also has another, crucial weakness: “When the keyboard is made of plastic, we can indeed reliably detect which keys are pressed, but the order is difficult,” says Mowery. Ultimately, this succeeded in only 20 percent of all cases.
If the keypad is made of metal, it is even harder. “If you hold the camera up to the metal, you would see only the thermal fingerprint of the camera instead of the keyboard support,” said Meiklejohn. The researchers did not, however, test their method in every detail. “It is entirely possible that someone else might solve the problems.”
Combining the disadvantages identified so far with the high cost of a thermal imaging camera (the researchers paid $2,000 a month in rent; the alternative would have been an $18,000 purchase) shows that crooks are unlikely to adopt the method for now. “Small daylight cameras are much easier and more reliable. Or the classic heist,” said security researcher Zalewski.