Cracking PINs with Infrared

A very interesting and highly plausible security vulnerability demonstrated in the above link from Youtube that most companies and people haven't even thought about. I have to say that it had never occured to me either. So I must send a big thanks to my colleague Dain for sharing.

When two surfaces connect they leave a heat signature that is easily detected with an infrared camera. Infrared cameras come in many shapes and sizes in today's world. Making this a potentially huge security weakness for PIN systems that require physical contact for verification. The real point made is that the cameras needed are relatively cheap and can be integrated quite easily in smartphones giving them added stealth and flexibility. I wonder if the banks and government installations use metal keypads to diffuse the heat signature for their access control locks?

While the video focuses on retail POS terminals the real threat to me comes from PIN locks on doors, Home alarms, and safety vaults like those found in hotels. In the retail environment you have the added protection that the person needs to also clone your card as well making any breach a two step process. Unfortunately, for the other systems above simply guessing the PIN grants all access which makes breaking the security of the whole system a single step transaction. You've been warned. Don't only shield your hands. Shield your heat signature as well!