LOS ANGELES (CBS) — Your body’s own heat could be a gold mine for thieves, revealing your ATM PIN number, according to new research out of San Diego.
University of California San Diego computer science doctoral students decided to focus heat sensitive cameras onto ATM keypads and found that the thermal cameras were able to read four-digit PIN numbers, regardless if a user shielded their code.
“As you touch the ATM keypad you leave a heat residue on the thing itself. You actually heat up the keypad as you touch it,” Keaton Mowery told CBS 2’s San Diego affiliate.
The UCSD study focused on 21 volunteers who tested 27 randomly PIN numbers on both a plastic and metal keypads.
Researchers found that the thermal cameras only worked on the plastic pads with the most recently punched key registering the warmest temperature.
“By looking at those dots where your finger touched, we could tell which buttons had been pressed,” Mowery said.
The accuracy of the code depended on how quickly the thermal image was taken after the PIN was entered. On plastic pads, the success rate of detecting all the digits was 80% after 10 seconds and 60% after 45 seconds, according to the study.
“A full minute out we were still able to recover 50 percent of the codes,” UCSD graduate student Sarah Meiklejohn said.
Researchers also found that the set of numbers entered by a forceful the user or those with a higher body temperature were easier to recover.
The study was presented at the USENIX Security Symposium in August.
But ATM users need not worry; a thermal camera runs about $20,000. UCSD researchers also found no proof that the cameras were being used by criminals.