Tuesday, 30 August 2011

PIN compromise using thermal imagery unlikely at metal ATM PIN pads

Since my last post I have come across more information on the thermal camera threat relating to PIN compromise.  Having read the research paper it seems that most ATMs are not at risk from this threat as, at the moment, the possibility of PIN compromise from thermal imaging technology really only exists for PIN entry at plastic PIN pads, and even then the success rate is not high - although the researchers claim that it is economically viable.  As most ATMs seem to have metal key pads, this is a relief for the industry.  The possibility of using thermal imaging for PIN compromise was first demonstrated by Michael Zalewski in 2005.

At the Woot '11 5th USENIX Workshop on Offensive Technologies held on 8th August 2011 in San Francisco, a presentation entitled Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks was delivered.  This was based on research and analysis carried out by Keaton Mowery, Sarah Meiklejohn, and Stefan Savage from the University of California, San Diego.  If you want to read more you can visit the website of the USENIX Workshop and download the slide presentation made by Mowery et al and/or the full research paper.

No comments:

Post a Comment