Here is how thieves can and may already be using thermal imaging cameras for their no-good purposes:
- They install an illegal card skimmer at an ATM
- Then wait until a victim completes their transaction and moves on
- Thermal imaging camera is pointed at pin-number keypad
- Keys with residual heat from being pushed show up as hot spots
- With bank card and pin numbers in-hand, thief steals money from victim or sells the information to others
Residual heat transferred to a keypad from a user’s fingers can still be detected 10, even 45 seconds after contact.
Advertisement
It is improbable that thieves would go to such lengths when there are easier ways of capturing pin numbers, e.g. with hidden cameras., but the risk still stands. Theoretically, residual heat can be picked up with cheaper and more easily disguisable IR thermometers, as well.
The primary defense against these methods is to look for a potential card skimmer. Whenever you use a credit or ATM card with an automated machine (ATM, gas pump, etc), check to make sure there are no add-on devices attached to the real card scanner.
Source: Technical Research Paper (PDF) via Sophos Naked Security and Wired
Leave a Reply