New smartphone technology putting PIN security at risk

David Eccleston

For the modern crook, thermal cameras have become a techno-coloured dream.

A video viewed more than 11 million times shows how a $350 iPhone attachment bought through Apple can be used for all the wrong reasons.

Here's how it works: a customer puts their PIN into an EFTPOS machine or ATM, pays for the item and then walks away.

The thief then captures the keypad's thermal image to reveal which four buttons were pressed.


The thief then simply holds an iPhone handset over the keypad to reveal the previous customer’s PIN.

“It's not even that they're looking over your shoulder, it's that they've walked up, moments later, and you've well and truly gone but they can still pick up that signature and that's the thing to worry about,” CNET’s Seamus Byrne said.

A study from the University of California shows thermal imaging technology gives thieves up to an 80 per cent chance of cracking your code.


With closer analysis, they can even work out the order in which the buttons were pressed, because the heat fades over time.

“They could get the card through skimming or through a theft or a robbery and combine that with the ATM access code, the PIN number, anything can happen,” Lyonswood Investigations’ Lachlan Jarvis said.

It's not just EFTPOS users who are at risk.

Any rubber or plastic keypad is vulnerable, including alarm systems.

Thermal imaging technology used via a smartphone can even reveal PINs used on door locks. Photo: 7News

But there's a simple solution to combat this technology.

By lightly covering all keys, you can muddy the thermal image.

“It's just about a little behaviour change that can actually keep you really safe against this kind of an attack,” Mr Byrne said.

The report also recommends more metal keypads for EFTPOS machines and ATMs as they don't retain heat for more than a few seconds.