
16 February 2020

All in the Fingertips

Did you ever wish you could peer into the past? In a way, anyone with a smartphone can, especially bad guys. With the help of technology, they can apply a trick to steal codes from digital locks, safes, secured buildings, even your ATM and credit card PIN numbers.

FLIR Systems specializes in infrared technology. They sell thermal cameras, attachments for iPhones and more recently for Androids, gadgets that gaze into the past. When it comes to PIN codes, such an accessory can tell which keys were last touched. It does so by sensing the residual heat from your fingertips.

The Polite Lady

At the ATM, the woman rummaging in her purse waves you to go ahead. Twenty minutes earlier, her boyfriend had hot-glued a fake card reader over the real one, a Chinese-made unit built to blend with the original.

The lady finds her iPhone and politely waits while you complete your transaction. You step away, nodding to the nice person. She steps forward to attend to her business… reading your keystrokes with her smartphone.

How? A simple filter records the presence of your fingertips from the first, the coolest, to the hottest, the last digit you entered. Can you guess this all-too-common PIN number?

10-key pad with telltale reddish heat signatures

If you said, “What ninny uses 1-2-3-4-5 for a PIN?” you’re right. The answer to that question is about 10-12% of the population.

The Smart Lady

Like most people, I normally work a 10-key device with three fingers like an accountant. With PIN code theft on the rise, I’d adopted the practice of pressing keys with my fingers out of order. It probably looks awkward to an observer, but I might press a key in the left column with my middle finger, and a key on the right with my index finger. Clumsy but hopefully confusing to unwanted eyes. I’m also not afraid to cup my hand around the keyboard if it doesn’t have a cowl. None of those actions solves this new personal identity attack.

So I mention to my girlfriend I’m writing an article on the topic. I barely get the question on my lips before Haboob says, “Now you have to touch other keys to fool the camera.” Did I hint she’s pretty damn smart?

And yes, either let your fingertips pause on unused keys or touch other keys once you’ve pressed Enter and finished the transaction. And don’t start your PIN number with a 1. Or a 0. Just don’t do it. Bad guys love suckers who use dates for PINs or lazily use 1234… etc.

Naturally, this makes fodder for fiction. It’s all in the fingers. Here’s a video with more detail, 3¾ minutes, geeky but worth it.