Date: 2021-12-31

A card's PIN can be guessed by observing the user's hand while typing, even when the user covers the keypad, according to an experiment by a team of researchers from the University of Padua in Italy.

The researchers showed that it is possible to train a specialized deep learning algorithm to guess four-digit credit card PINs, achieving a 41% success rate.

EXPERIMENT

Training the algorithm requires the specific dimensions of the target PIN pad; the key spacing of the different keypads is of vital importance.

The machine learning model is then trained on this information to recognize keystrokes and assign a probability that a given movement corresponds to a certain key, all based on videos of people entering their PINs on the ATM keypad.

The model deduces the digits pressed from the movements of the hand, evaluating the topological distance between two keys. Camera placement plays a critical role: the researchers determined that hiding a pinhole camera on top of the ATM was the most effective approach for the attacker.

Within three attempts (usually the maximum number allowed before the card is retained), the researchers reconstructed the correct sequence for five-digit PINs 30% of the time and for four-digit PINs 41% of the time.

The authors also emphasize that, if the camera were able to capture audio as well, the model could use the sound of each keypress, which is slightly different for each digit, making the predictions much more accurate.

For the experiment, the researchers collected 5,800 videos of 58 different people from various demographic groups, entering four- and five-digit codes.

The prediction model was run on a Xeon E5-2670 machine with 128GB of RAM and three Tesla K20m GPUs with 5GB of RAM each. The authors point out that this is upper-middle-range hardware, but that it is within a reasonable budget.

As a comparison, the researchers used the videos from the experiment in a survey of 78 participants to determine whether humans could also guess the hidden PIN. On average, the survey participants responded with an accuracy of only 7.92%, which is very ineffective for carrying out attacks of this type.

PRECAUTIONS

– If your bank gives you the option to choose a five-digit PIN instead of a four-digit one, choose the longer one. Although it may be more difficult to remember, it is much safer against attacks of this type.

– Cover the keypad with your hand: the authors explain that the space you cover considerably reduces the accuracy of the prediction.

– Offer users a virtual, randomized keypad instead of a standardized mechanical one.
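
The last precaution, sketched as an added example (not code from the researchers or from any ATM vendor): with a layout shuffled per session, the key positions a hand-movement observer recovers no longer map to fixed digits. The `STANDARD` layout, the function names and the sample PIN are assumptions made for illustration.

```python
import secrets

# Assumed fixed layout of a mechanical PIN pad, read row by row (positions 0..9).
STANDARD = tuple("1234567890")

def new_layout(rng=None):
    """Return a fresh random key order; index = on-screen position."""
    rng = rng or secrets.SystemRandom()   # CSPRNG by default
    keys = list(STANDARD)
    rng.shuffle(keys)
    return tuple(keys)

def positions_for_pin(layout, pin):
    """Positions the finger visits: all that hand movement can reveal."""
    return [layout.index(d) for d in pin]

def decode(layout, positions):
    """Terminal-side mapping from pressed positions back to digits."""
    if any(not 0 <= p < len(layout) for p in positions):
        raise ValueError("position outside keypad")
    return "".join(layout[p] for p in positions)

def observer_hit_rate(pin, sessions, rng=None):
    """Fraction of sessions in which an observer who recovers the exact
    positions, but assumes the standard layout, ends up with the real PIN."""
    hits = 0
    for _ in range(sessions):
        layout = new_layout(rng)
        seen = positions_for_pin(layout, pin)
        assert decode(layout, seen) == pin      # the terminal still gets the PIN
        hits += decode(STANDARD, seen) == pin   # the observer's reconstruction
    return hits / sessions

if __name__ == "__main__":
    pin = "4071"  # constructed sample PIN
    fixed = decode(STANDARD, positions_for_pin(STANDARD, pin)) == pin
    print("fixed pad, positions reveal PIN:", fixed)
    print("randomized pad, observer hit rate:", observer_hit_rate(pin, 5000))
```

The shuffle only helps if the on-screen layout itself is out of the camera's view, for example behind a privacy filter.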

MJP