Advancements in technology are making it easier for criminals to breach push button security devices.
Formerly, thermal imaging equipment was only a tool of the best-equipped attacker, but the technology is now inexpensive and widely available. One specific device capable of helping thieves steal personal PIN numbers and break into safes attaches to iPhones and costs as little as $150.
“The thermal imaging device exposes millions of push button locks & ATMs around the world as the digital security arms race gets ever more sophisticated,” David Wray, principal consultant at Sec-Tec, told the Observer.
This gadget, called FLIR ONE, simply senses temperature to allows its user to see which buttons on a keypad were recently pressed. Consultants at Sec-Tec, a London-based company that provides independent penetration testing and security services, tested it recently on a wide range of push button security devices including ATMs, locks and safes, and what they found was frightening.
With the device, determining which numbers were pushed was simple and “straightforward.” Some keypads even leaked the digits pressed by a legitimate user for well over a minute after they were originally pressed.
Figuring out the order the buttons were pressed in proved slightly more difficult, but it was still simple enough after a little trial and error. Most keypads don’t have a lock-out mechanism (meaning you aren’t locked out after repeatedly entering the wrong code). With no lock-out mechanism, one could simply keep reordering the four digits until their breach attempt proves successful.
There are, however, a few ways to protect yourself from becoming a victim of personal PIN theft via thermal imaging. Simply palming the entire keypad after you’re done using it, for one, should do the trick. You can also significantly reduce your risk by using keypads with buttons that are metallic as opposed to rubber or plastic.