Credit Card PINs Can be Guessed Even When Covering the ATM Pad

Monday October 18, @10:37PM
Researchers have proven it's possible to train a special-purpose deep-learning algorithm that can guess 4-digit card PINs 41% of the time, even if the victim is covering the pad with their hands.

The attack requires the setting up of a replica of the target ATM because training the algorithm for the specific dimensions and key spacing of the different PIN pads is crucially important.

Next, the machine-learning model is trained to recognize pad presses and assign specific probabilities on a set of guesses, using video of people typing PINs on the ATM pad.

[...] This experiment proves that covering the PIN pad with the other hand is not sufficient to defend against deep learning-based attacks, but thankfully, there are some countermeasures you can deploy.

  • (Score: 2) by JoeMerchant (3937) on Monday October 18, @10:39PM (#1188201)

    I had the same PIN on my ATM card from 1983 until about 2017 when the bank finally made me change it.

    Account hacks due to a 30+ year old PIN: zero.

  • (Score: 2) by looorg (578) on Monday October 18, @10:59PM (#1188206)

    The model can exclude keys based on the non-typing hand coverage, and deduces the pressed digits from the movements of the other hand by evaluating the topological distance between two keys.
    If the camera is capable of capturing audio too, the model could also use pressing sound feedback which is slightly different for each digit, thus making the predictions a lot more accurate.

    Why do they make sound? Most ATM machines here are outdoors so I guess it better be a pretty sensitive mic to pick that up cause it's not like it makes noise like an old phone.

  • (Score: 2) by Rosco P. Coltrane (4757) on Monday October 18, @11:17PM (#1188211)

    Ah! I pay everything with contactless NFC payment cards. No PIN needed. Try to guess MY PIN hackers! Who's clever now eh?

