Thermal keyboard attack
While an interesting idea I wonder, like with a lot of these "attacks" how useful in practice they really are.
The heat doesn't last very long, so you have to be there basically as you type or within seconds. After just 20 seconds the heat is dropping fast and after a minute you are basically guessing.
Still 4 digit ATM pins could be in deep trouble. But then after you entered the 4 digit pin you usually push a few more numbers to get your money and make various choices at the machine. So it might be a difference between real live usage and laboratory usage.
The heat or colour will then tell the order in what was used last to the keys that are fading was the once used earliest.
But still unless it can tell a few keys appear that might be very similar in heat you end up with options. But then getting or guessing a password from a limited pool of characters is better or faster then guessing one from a larger pool.
So the new security feature or recommendation will be to before you leave the ATM press ALL the keys or after you get your money just stand there for a minute or so and put the money into your wallet so you let the machine or the keypad cool down.
How will the camera note if you use the same keys over again (AxxxxAxxxxxA)? Will it know if you hit the A key then multiple times?
(Score: 5, Interesting) by Frosty Piss on Wednesday October 12 2022, @09:38AM (1 child)
How does this help you if you don't have a physical card? There would also need to be a card skimmer.
(Score: 0) by Anonymous Coward on Wednesday October 12 2022, @06:32PM
And if you can install a skimmer you can just as easily install a normal camera that watches people typing in their PIN, because hardly anyone actually bothers to cover their hand while they enter it. Using thermal imaging in addition to normal techniques could perhaps allow a thief to successfully obtain more PINs, but probably not enough to justify the additional complexity.
This attack just doesn't seem very useful against ATMs when compared against much simpler methods.
Not sure if card skimmers are even that effective anymore due to widespread adoption of EMV technology. Maybe some of the international debit networks still work with magstripes?
(Score: 2) by hendrikboom on Wednesday October 12 2022, @01:41PM (1 child)
Or use one of those styluses with a rubber tip. No body heat to get on the keys.
(Score: 2) by FatPhil on Wednesday October 12 2022, @05:36PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by datapharmer on Wednesday October 12 2022, @03:13PM
This has been around for years. It’s why many of the new atms have plastic keys instead of metal (less heat retention)
(Score: 3, Funny) by tangomargarine on Wednesday October 12 2022, @03:32PM (1 child)
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 2) by tangomargarine on Thursday October 13 2022, @07:27AM
Offtopic, really? The article is literally about heat retained on an ATM keypad :P
"Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
(Score: 1) by Runaway1956 on Wednesday October 12 2022, @11:26PM
I always empty a can of naphtha (lighter fluid) on the keyboard, and light it before I leave the ATM. That warms up all the keys!
“I have become friends with many school shooters” - Tampon Tim Walz
(Score: 3, Insightful) by Rich on Thursday October 13 2022, @12:15AM (1 child)
As mentioned before, this has been around for a while. Together with some pickpocketing it's a viable low-effort attack. Since I first read about it, I rest fingers on uninvolved keys while I wait for the machine to tell me to enter my PIN, so the attacker gets more than four keys on the scan.
(Score: 2) by sonamchauhan on Thursday October 13 2022, @12:39AM
I do that too and twitch uninvolved fingers too
(Score: 2) by Sjolfr on Thursday October 13 2022, @01:02AM
I just touch all the keys after I input my own PIN. Problem solved. The real thing to watch for are the card skimmers. Just wiggle the card reader and move on to the next ATM if it's lose.