# Stealing ATM PINs with thermal cameras



## AquaNekoMobile (Feb 26, 2010)

http://nakedsecurity.sophos.com/2011/08/17/stealing-atm-pins-with-thermal-cameras/

Inteesting quote from /.



> I'd never heard of this method of attack until now. But it might explain why some of my bank's ATMs seem to have a high volume of cooling air blasting through any cracks and openings in the machine. Metal keys as well.
> 
> There was an article in a recent electronics magazine about building a code entry keypad that scrambles the digit positions between each entry attempt. This would make filming the keyboard difficult if one were to make the digit displays hard to see other than straight on. It would cause problems for people who enter their PIN based upon positional memory rather than looking at the numbers.


ATM thieves are getting more high tech so keep on guard. Perhaps take a few extra seconds at the ATM and rub the keypad warm before leaving or my personal favorite carry a can air and flash freeze the keypad (turn can upside down and discharge). That is in conjunction with covering the keypad when you enter your PIN and as always be aware of who is around.

Grrr I hate thieves. What do you guys do when you go to the ATMs?


----------



## AquaNekoMobile (Feb 26, 2010)

Technical papers on this

http://www.usenix.org/events/woot11/tech/final_files/Mowery.pdf


----------



## peterpd99 (Oct 18, 2010)

keep the gloves on in the winter??...maybe try using a pen/stick etc... to press the numbers??


----------



## 50seven (Feb 14, 2010)

I used to work for the bank, so first I scan the ATM for any unusual hardware, and stand with my body covering as much of the machine as possible, even from the bank's own security cameras.

When entering PIN: Cover your fingers with your other hand. Place all your fingers on 5 different keys at once, and press the keys without moving your fingers away, just a slight tap. It helps to be able to punch the numbers without looking at them. 

The thermal imaging bit has no way of telling what order the numbers were pressed in and how many times each button was pressed. Also, the keys would warm up from a finger being placed on them even though the key wasn't pressed.

You could always boldly and in plain sight just punch all the keys very deliberately with your middle finger and tell the PIN thieves where to shove it... 

I've had my PIN stolen before, and even though the bank was great and got me my money back within a few days, I'd still like to punch in the punk who did it.


----------



## AquaNekoMobile (Feb 26, 2010)

Yah always do the cover up thing. I spoke with someone before in school and they had thier pin swiped via an airport ranged attack. You may have heard of that before on The National about thieves on higher ground in the airport looking down at people inputting thier pins and cards via a long nose SLR looking like a tourist waiting for a flight. 

Thanks for the insight 50seven with your past job experience. I wonder if IR will disrupt a Flair cam if it was adapted to a ranged lense.


----------



## Zebrapl3co (Mar 29, 2006)

I usually don't go to terminals outside of a bank other than a real bank. If I find a terminal suspicious, I simply walk away.
You'll notice that most of the new terminals have metal buttons. With the introduction of a chip card. It's even harder to steal a card. Depending on which bank it is. Some are still a bit behind on their hardware. It's pretty safe now a days, just be mindful when you us an ATM machine.

*Never pay again for live sex! | Hot girls doing naughty stuff for free! | Chat for free!*


----------



## Chris S (Dec 19, 2007)

My PIN has been stolen so many times (or compromised), but the bank always takes care of it, so I don't really care about being paranoid about any of this crap =D


----------



## mrobson (Mar 5, 2011)

thats not even the most concerning scam they are using, the scammers have a hand held device that can pull all the info off the new chip cards all they have to do is wave it near your wallet/purse. I gave up worrying years ago, the moneys all insured and the bank normally catches it pretty quick.


----------



## Greg_o (Mar 4, 2010)

^ Is the PIN stored on the chip card?


----------



## Zebrapl3co (Mar 29, 2006)

No, the PIN is not store in the chip card.
As for the waving chip reader scam, the new chip cards only have partial digital numbers. I think it's either the middle 4 or 8 numbers missing from the chip card. So even if the guy waves it around and stole your card number, he will only manage to get parts of your number. Not the entire set. So, ultimately, he/she will have to physically get the number from you. That one doesn't really work anymore. But if they manage to get ahold of your card, ie., double scan at the gastation or at the retail stores and restaurant, all the info is there for the taking.

*Never pay again for live sex! | Hot girls doing naughty stuff for free! | Chat for free!*


----------

