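According to a report on the Popular Science website on August 30, security researchers at the University of California, San Diego recently published a paper showing that the PIN digits a user enters on an automated teller machine (ATM) keypad leave traces behind after the transaction, in the form of residual heat from the fingers. A criminal following right behind can use a digital infrared camera to determine which digits the previous user entered, with an accuracy as high as 80%. The researchers presented the details of the study at a technical forum of USENIX (the Advanced Computing Systems Association).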

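Keaton Mowery, a doctoral student in the university's computer science department, said that even one minute after the previous transaction ends, the chance of the infrared camera recovering the correct PIN digits is still close to 50%. After 90 seconds, however, the chance of extracting the correct digits falls to around 20%. He also noted that although a criminal can easily learn from an infrared camera which digits another user's PIN contains, determining their order is not easy. In addition, the attack seems to work only on plastic keypads. Metal reflects thermal noise back to the infrared camera, making it far harder to accurately recover the PIN someone else entered.
But this does not change the fact that a security measure most people routinely trust has an exploitable hole. It affects more than ATM security: keypad-operated safes, security doors, garage doors, and even car doors operated by a keypad could all be targeted by criminals, especially where plastic keypads are used.
Of course, there is a simple way to address this risk. After entering your PIN, you only need to cover the whole keypad with your palm, or, once the transaction is over, press a few other digits at random, so that residual heat is left on many keys and a would-be thief is left confused with no trace to follow. People can also watch closely whether the user after them behaves unusually; prevention is better than regret.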
Recommended reading from 生物探索, the original English article:
Heat Hacking: Criminals Can Steal Your ATM PIN Code Via the Heat Your Fingers Leave Behind
The PIN digits you punch into an ATM’s keypad to authenticate your transactions are leaving traces of themselves behind in the form of heat, says a paper recently presented by a team of UC San Diego security researchers. Someone following immediately behind an ATM user can use a digital infrared camera to determine what keys were pushed with about 80 percent accuracy, their study shows. Even a full minute later the camera can pick up the correct digits about half the time.
But while it's easy enough for a criminal type to determine the digits in your PIN with an IR camera, it’s fairly difficult to determine the order. And the hack only seems to work on plastic keypads--metal returns too much heat noise for the IR camera to reliably discern which keys were just pressed.
Then there’s the fact that an IR camera isn't exactly an implement of petty crime. By the time one amassed the princely sum (around $18,000 to buy a good rig--the $150 Midnight/Shot won't cut it) necessary to acquire one, he or she probably wouldn’t need to steal ATM PINs anymore.
But none of that changes the fact that a security scheme on which most people regularly rely has a fairly exploitable hole. And it doesn’t just go for ATM machines--keypad safes, security doors, keypad activated garage doors, even the keypads that open up some car doors are susceptible to the IR hack, particularly where plastic keypads are involved.
Of course, to thwart the scheme you could simply place your hand over the entire keypad to impart heat to every key after you punch in your PIN. And if that doesn’t jibe with you germophobic readers, you can always just preemptively Mace the person behind you in line each time you visit the ATM. Better safe than sorry.
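The two points above (the digits can be read but not their order, and warming every key defeats the reading) can be put in numbers. The following is an added example, not taken from the article or the UC San Diego paper; it assumes a 4-digit PIN, a 10-key pad and a 3-attempt lockout, none of which the article states.

```python
from math import comb

PIN_LENGTH = 4    # assumption: the article does not give a PIN length
KEYPAD_KEYS = 10  # assumption: digits 0-9
TRIES = 3         # assumption: attempts allowed before the card is locked


def orderings_using_all(warm: int, length: int = PIN_LENGTH) -> int:
    """PINs of `length` digits that press every one of `warm` keys at least once.

    Inclusion-exclusion over the keys left unused; gives 0 when warm > length.
    """
    return sum((-1) ** i * comb(warm, i) * (warm - i) ** length
               for i in range(warm + 1))


def orderings_with_decoys(warm: int, length: int = PIN_LENGTH) -> int:
    """PINs that fit `warm` keys when any of those keys may be a decoy press."""
    return warm ** length


def guess_chance(candidates: int, tries: int = TRIES) -> float:
    """Chance that `tries` distinct guesses include the one correct PIN."""
    return min(1.0, tries / candidates) if candidates else 0.0


def residual_table(length: int = PIN_LENGTH):
    """(warm keys, candidate PINs, guess chance) when no decoy key was touched."""
    return [(k, orderings_using_all(k, length),
             guess_chance(orderings_using_all(k, length)))
            for k in range(1, length + 1)]


if __name__ == "__main__":
    print("warm keys  candidates  chance within", TRIES, "tries")
    for warm, cands, chance in residual_table():
        print(f"{warm:9d}  {cands:10d}  {chance:.3f}")
    # Countermeasure from the article: palm over the pad warms every key.
    covered = orderings_with_decoys(KEYPAD_KEYS)
    print(f"all {KEYPAD_KEYS} keys warm: {covered} candidates, "
          f"chance {guess_chance(covered):.4f}")
```

A PIN with a repeated digit leaves fewer warm keys but more orderings (36 for three keys against 24 for four), and covering the pad returns the guess space to the full 10,000.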
