The estimated reading time for this post is 4 minutes
Advances in technology are often celebrated as they make our lives easier. But sometimes advances in technology can be used for evil.
An industrious spaceship engineer named Mark Rober figured out how thieves could steal your PIN code by using inexpensive thermal imaging technology. With an iPhone case thieves could capture the heat registered on a keypad after someone entered their PIN code. The thermal image can show not only which keys were touched but also the order in which they were touched.
Thermal imaging cameras have been around for a while, but used to cost thousands of dollars. Recently a company called FLIR System started selling a thermal imaging camera embedded in a case for the iPhone 5s and 5. FLIR’s thermal imaging camera, the FLIR One is now available for $349.
Rober realized that the thermal camera in the FLIR One iPhone case could be used to secretly capture the PIN code of an unsuspecting shopper. This video by Rober demonstrates how the camera can capture the thermal image and show the heat of the numbers on the PIN keybpad.
Thermal images show the relative temperature of objects by using color, with red showing heat. The deeper the red color the higher the temperature of the object.
A thermal image of a keypad after a PIN code has been recently entered shows which numbers have been touched. A thief seeing the thermal image taken of a keypad could then determine which keys were pressed and in which order based upon the color of the keys in the image.
Metal keypads reflect the thermal imaging cameras so don’t reveal the PIN code keys that were pressed.
This method doesn’t guarantee success but gives thieves very good odds of determining your PIN code. A USC study showed an 80% success rate in guessing a PIN code based on a thermal image taken after the code was entered.
Why This Theft Is So Dangerous
One of the dangers of this thermal imaging trick is that your PIN code could be retrieved after you’ve left the store. While you may be vigilant in covering your hand as you enter your PIN code and making sure that no one is watching you as you enter it, you have no control over what happens after you leave.
The FLIR case for the iPhone looks like a normal iPhone case so even if you stuck around after your purchase, you would likely have no idea that someone was taking a thermal image of the keypad. You could be a witness to the thief swiping your PIN code and not even realize it was happening.
Protecting Yourself
The good news is that you can easily protect yourself from this thermal imaging theft. As Rober explains in the video, you can rest your other fingers on the other numbers on the keypad to warm them up as you enter your PIN. You could also place your palm on the keypad after you’ve entered your PIN.
By touching other keys you can make thermal images of the keypad worthless to thieves.
Thieves Still Need Your Card Number
A PIN code doesn’t matter much if the thief doesn’t have your card number. A thief has two ways of getting your card number: physically or through hacking. A thief could target a victim whose PIN code they’ve obtained and try to steal the credit/debit card.
With the recent hacking of credit/debit card information from stores such as Home Depot and Target, thieves have a huge database of card numbers. Pairing those cards with stolen PIN codes hasn’t been an issue yet. But you can stay ahead of thieves by merely touching the other numbers on the keypad after you make a purchase, thwarting them and the potential for using your pilfered PIN code.
Your Thoughts
Have you heard about this new type of theft? Will you start protecting yourself against thermal imaging technology when you use a PIN keypad? Let us know in the Comments section below!
*************************
Awesome Happy Video
If you enjoy watching videos of people dancing to Happy by Pharrell Williams, then you may still be checking out videos from We Are Happy From Around the World!.
While you may not have finished watching all the Happy videos yet, take a moment to enjoy this video of children at Camp Mark Seven, a deaf film camp, who created their own Happy video this summer using American Sign Language:
If you’re now a fan of this video, well, you’re not alone. Williams gave some Twitter love to the video.
โย Also see, Marlee Signs โ Learn Sign Language from an App! for a fun way to learn American Sign Language.
*************************
* Thermal Image courtesy of Eirik Stavelin via Flickr and Creative Commons
Hi Carolyn,
My goodness! That video was something about the pin code theft and to what extents people can really go! Never heard of it, though the ATM thieves are all over and perhaps use the same technique mentioned here.
Yes, that makes sense when you said that through thermal imaging your PIN code could be retrieved, especially once you leave the ATM or store, or any other place. I guess the metal ones are a much better choice or as he said press all your fingers and then type the code, one way to protect your code. It’s always better to be careful than to fall for such kinds of thefts.
Thanks for sharing this with us. Have a nice week ahead, though perhaps you are still on your Labor Day mood ๐
Hi Harleena, Yes, this is a very scary development for technology, especially since you have no way to protect yourself after you leave the store. Yes, you can touch all of the buttons or some other buttons after you type the code.
By taking a simple step we can protect ourselves from this thermal imaging theft. There is so much in the news about card information being stolen from retailers but thieves haven’t been able to get the PIN numbers. Now they have an easy way to get the PIN numbers so we should try to protect ourselves.
Oyoyoy, bad news. No, Carolyn, this is the first time I hear about this new way of thieves “claiming” a PIN code.
By instinct (?) I always leave my hand over the key pad for some time after having finished my transaction.
Hi Barbara, Your instincts are spot on. You’re very smart to have been putting your hand on the keypad after you finish your transaction. Keep up the good work! :-bd
How about if you type with yur fingernails or using a pen?
Hi Israel, Great idea! You’re right, as long as you don’t leave heat behind you can enter your PIN code and thwart thieves. I suppose you could wear gloves and use the keypad too.
Hi Carolyn,
This is interesting and a clever way of getting a pin number. This might work on security locks that use a pin, not so likely to use in stores here. Not in the supermarket I use, we go through the checkout too fast! The locks used in hospitals could be vulnerable though. You missed the edit I did on your photos on a zillion ideas. That was last week. I did guest pictures.
Hi Mike, Yes, the UK has had chip & pin for a while now but the US hasn’t gotten it yet. We’re paying the price now with credit and debit card hacking. Target, Home Depot and others have had their credit card payment system hacked.
Thieves are becoming more clever and getting richer with their hacking so we have to protect ourselves as best as we can!
Hey Carolyn,
Never heard about this kind of theft. With enhanced technology we’re enjoying our daily lifestyle but bad guys are also taking full advantage of it to crook people.
I’ll certainly follow your instructions to remain secure, but I doubt if this technology is used in India too.
Hi Pankaj, Yes, I’m not sure if it’s available in India yet but it’s better to be ahead of the game with this. If you protect yourself even if it isn’t needed that’s better than not protecting yourself and getting your PIN code stolen!
Hi Carolyn,
Thank you for sharing about this new threat. I am surely going to take precautions while using keypads in public places (and of course on door-locks). Wow! It’s amazing how things can turn from good to evil just by going into wrong hands.
Very alarming indeed!
I m going to share this with as many people I know!
Regards,
Kumar
Hi Kumar, Thanks so much for sharing this article. Yes, it’s important to protect yourself from this threat. It’s an easy precaution to take, so long as you know about it!
LOVED this, Carolyn. My best friend growing up is deaf. Loved the vid. Hadn’t seen it yet. ๐
Also, the tips on protecting ourselves from theft. Another thing I decided to do at the grocery store (where I use my debit card most), is to choose “credit” on the kiosk. It requires a signature (and a few secs more), but it might prevent PIN theft. Thanks for this valuable info.
Hi Steve, I’m so glad you enjoyed this delightful Happy video. Such an inspirational message!
Yes, choosing “Credit” would avoid this PIN scam but signatures may not be very secure either.
Thanks for that Carolyn. Wow who’d a thought? Those thieves are always looking for opportunities aren’t they?
But this is a great tip and I will be using it from now on for sure. I’m wondering if using a pencil or your fingernail will help as well. I guess the point is to not generate heat on specific keys or generate heat on all the keys.
Thanks again for posting this and helping us all stay secure ๐
Blessings,
Liz
Hi Liz, Yes, if we can stay a step ahead of the thieves we’ll be better able to protect ourselves from their new schemes.
You’re right, the goal is to avoid leaving a heat map on the PIN pad so using a pencil may work well also.
Hi Carolyn,
I have heard about many pin code theft ideas but this is something new. And its quite shocking that people do this just for theft purpose. If they apply technology to the right direction they can earn more.
And I personally feel that the advantage is itself an disadvantage for the same thing at a time. Hope to see some quick reactions from experts to stop pin code theft.
Hi Aditya, Great point, sometimes advances in tech can be both good and bad. In this case an inexpensive thermal camera can be used for good or evil. We can prevent the camera being used for stealing our PIN codes by taking this small step when we shop.
Nice writeup, like the protection guideline on covering the keypad with our palms later on. but don’t think these guys will give up that easily, they’ll still device a means to get these codes.
Hi Grace, Welcome to The Wonder of Tech. You’re right, this doesn’t cover all possible ways your PIN code could be stolen. But by covering the keypad with your fingers, you can prevent thieves using this method to steal your PIN.
Hey Carolyn,
Oh great, one more thing to worry about. I guess what my thinking is in learning this is what good will it do them if they don’t have the card? Unless they are great with stealing someone’s identity then just knowing the code without the debit card to go with it then I’m not really sure how good that information really is. He didn’t say so do you know?
Thanks for reporting this, it’s still good to know.
~Adrienne
Hi Adrienne, Good point. You’re right, having a PIN code without the card number wouldn’t do a thief much good. But as we have seen from Home Depot and Target thefts, hackers are gaining access to credit/debit card numbers in spite of security features in place. There is also the danger of our wallets being stolen in a plain, old-fashioned robbery. I hope that never happens to us, but we can help thwart thieves by taking a quick step to hide our PIN numbers from thermal imaging cameras.