Getting hold of your debit card PIN can be as simple as a cellphone snap, thanks to affordable infrared readers that attach to the back of an iPhone. YouTuber Mark Rober shows both how easy it is to fall prey to this particular attack and how users can protect themselves.
The scanner simply reads where your fingers have touched a keypad within a few minutes of contact. Thanks to the property of thermal equilibrium, the keys you press retain some of the heat from your fingers, so a scan taken right after someone has used a keypad can pick up a thermal signature from the keys and determine both what was pressed and, generally, the order, based on the intensity of that signature.
Previously, infrared scanners were too bulky to carry inconspicuously, but new technology has made them as small as an iPhone case. Rober uses a FLIR ONE, a $349 device available at Apple stores. It is marketed for home DIY projects that could benefit from an infrared camera, but it can also easily be exploited. Luckily, metal keypads are safe from thermal signatures, but rubber and plastic pads are vulnerable, so Rober offers a simple tip for the cautious: all you need to do is lay your fingers against other numbers on the keypad as you type your PIN, and the thermal signature will be rendered meaningless.
A decent solution, but possibly not at the front of your mind when you’re quickly picking up groceries or trying to pull $20 from an ATM.