FLIR Systems specializes in infrared technology. They sell thermal cameras, attachments for iPhones and more recently for Androids, gadgets that gaze into the past. When it comes to PIN codes, this accessory can tell what keys were last touched. They accomplish it by sensing residual heat from your fingertips.
The Polite Lady
At the ATM, the woman rummaging in her purse waves you to go ahead. Twenty minutes earlier, her boyfriend had hot glued a fake card reader over the real one, Chinese made to blend with the original.
The lady finds her iPhone and politely waits while you complete your transaction. You step away, nodding to the nice person. She steps forward to attend to her business… reading your keystrokes with her smartphone.
How? A simple filter records the presence of your fingertips from the first, the coolest, to the hottest, the last digit you entered. Can you guess this all-too-common PIN number?
keypad with telltale heat signatures |
If you said, “What ninny uses 1-2-3-4-5 for a PIN?” you’re right. The answer to that question is about 10-12% of the population.
The Smart Lady
Like most people, I normally work a 10-key device with three fingers like an accountant. With PIN code theft on the rise, I’d adopted the practice of pressing keys with my fingers out of order. It probably looks awkward to an observer, but I might press a key in the left column with my middle finger, and a key on the right with my index finger. Clumsy but hopefully confusing to unwanted eyes. I’m also not afraid to cup my hand around the keyboard if it doesn’t have a cowl. None of those actions solves this new personal identity attack.
So I mention to my girlfriend I’m writing an article on the topic. I barely get the question on my lips before Haboob says, “Now you have to touch other keys to fool the camera.” Did I hint she’s pretty damn smart?
And yes, either let your fingertips pause on unused keys or touch other keys once you’ve pressed Enter and finished the transaction. And don’t start your PIN number with a 1. Or a 0. Just don’t do it. Bad guys love suckers who use dates for PINs or lazily use 1234… etc.
Natually, this makes fodder for fiction. It’s all in the fingers. Here’s a video with more detail, 3¾-minutes, geeky but worth it.
Another good reason to avoid ATMs and smart phones, too!
ReplyDeleteI get more paranoid about these things every day. And what I hope happens to these people if they get caught I'd better not say here...
ReplyDeleteI avoid ATMs like the plague, but then I live in South Dakota, which makes it easier to pay for gas (and other things) inside with a credit card or cash. And I never pay for anything with my phone.
ReplyDeleteJanice and Eve, I'm not sure I visit ATMs as much as once a year. I detest the fees, especially sneaky ones like confirming your balance. Plus, they're attractive places to find robbers.
ReplyDeleteIt's nearly impossible to avoid credit card / debit card keypads at the grocery, the hardware store, the druggist, the service station. If a woman leaves her purse in a shopping cart and is distracted, her card or wallet can disappear in an instant.
There's a risk handing your card to the gas station attendant if your card's out of sight for even a moment. I learned that from personal experience.
Paul, some people can't keep themselves to themselves. They deem it much easier to filch the funds of working people.
Good advice. The only ATM I use is inside my bank where no one is allowed to be around anyone at the ATM except bank employees who are never close enough to see anything.
ReplyDeleteThat's about as safe as you can get, O'Neil!
ReplyDelete