A few months ago I published a video about the theft of PINs at ATMs to clone cards, one of the recommendations I gave was to cover the keyboard in some way to prevent a hidden camera – if any – from capturing the entry of the code.
Well, now it seems that this is no longer enough, 3 researchers have shown that it is possible to determine the PIN entered with a thermal camera which analyzes the residual heat left on the keys.
In the tests carried out, they discovered that on rubber keyboards, the traces remained for several seconds and it was even possible to determine the sequence of the numbers, however, on metallic keyboards, the heat dissipated quickly, making analysis impossible (download paper).
The technique has never been detected in action, it is too expensive technology and it is not worth risking so many tickets when you can get results with much less, but given the profits of the business it would not be strange that some tried.
Tips to avoid card cloning:
The offender needs two things to clone the card, the magnetic stripe information and the PIN. So you have to check the firmness of the slot and that there are no foreign elements, the same must be done with the keyboard and when entering the key, it is good to cover it so that it is not visible from any angle.
Some skimmers or cloning devices have fake keyboards that at first glance can go unnoticed:
Others may have a whole fake panel on their forehead:
There are many variants of these attacks, some are very elaborate like those of the previous photographs and others simpler but ingenious, such as the use of glue on the keys.
Green slot at the real or fake ATM?
Fake ATM security camera to steal PINs.