Hand Me Your PIN! Inferring ATM PINs of Users Typing with a Covered Hand
- URL: http://arxiv.org/abs/2110.08113v1
- Date: Fri, 15 Oct 2021 14:25:41 GMT
- Title: Hand Me Your PIN! Inferring ATM PINs of Users Typing with a Covered Hand
- Authors: Matteo Cardaioli, Stefano Cecconello, Mauro Conti, Simone Milani, Stjepan Picek, Eugen Saraci
- Abstract summary: The European Central Bank reported more than 11 billion cash withdrawals and loading/unloading transactions on the European ATMs in 2019.
The PIN mechanism is vulnerable to shoulder-surfing attacks performed via hidden cameras installed near the ATM.
This paper proposes a novel attack to reconstruct PINs entered by victims covering the typing hand with the other hand.
- Score: 33.26006726271844
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Automated Teller Machines (ATMs) represent the most used system for
withdrawing cash. The European Central Bank reported more than 11 billion cash
withdrawals and loading/unloading transactions on the European ATMs in 2019.
Although ATMs have undergone various technological evolutions, Personal
Identification Numbers (PINs) are still the most common authentication method
for these devices. Unfortunately, the PIN mechanism is vulnerable to
shoulder-surfing attacks performed via hidden cameras installed near the ATM to
catch the PIN pad. To overcome this problem, people get used to covering the
typing hand with the other hand. While such users probably believe this
behavior is safe enough to protect against mentioned attacks, there is no clear
assessment of this countermeasure in the scientific literature.
This paper proposes a novel attack to reconstruct PINs entered by victims
covering the typing hand with the other hand. We consider the setting where the
attacker can access an ATM PIN pad of the same brand/model as the target one.
Afterward, the attacker uses that model to infer the digits pressed by the
victim while entering the PIN. Our attack owes its success to a carefully
selected deep learning architecture that can infer the PIN from the typing hand
position and movements. We run a detailed experimental analysis including 58
users. With our approach, we can guess 30% of the 5-digit PINs within three
attempts -- the ones usually allowed by ATM before blocking the card. We also
conducted a survey with 78 users that managed to reach an accuracy of only
7.92% on average for the same setting. Finally, we evaluate a shielding
countermeasure that proved to be rather inefficient unless the whole keypad is
shielded.
Related papers
- IFTT-PIN: A Self-Calibrating PIN-Entry Method [15.87768582998229]
We demonstrate a novel method that enables the personalising of an interface without the need for explicit calibration procedures.
A second-order effect of self-calibration is that an outside observer cannot easily infer what a user is trying to achieve.
We develop IFTT-PIN as the first self-calibrating PIN-entry method.
arXiv Detail & Related papers (2024-07-02T13:58:28Z)
- Principles of Designing Robust Remote Face Anti-Spoofing Systems [60.05766968805833]
This paper sheds light on the vulnerabilities of state-of-the-art face anti-spoofing methods against digital attacks.
It presents a comprehensive taxonomy of common threats encountered in face anti-spoofing systems.
arXiv Detail & Related papers (2024-06-06T02:05:35Z)
- Not All Prompts Are Secure: A Switchable Backdoor Attack Against Pre-trained Vision Transformers [51.0477382050976]
An extra prompt token, called the switch token in this work, can turn the backdoor mode on, converting a benign model into a backdoored one.
To attack a pre-trained model, our proposed attack, named SWARM, learns a trigger and prompt tokens including a switch token.
Experiments on diverse visual recognition tasks confirm the success of our switchable backdoor attack, achieving 95%+ attack success rate.
arXiv Detail & Related papers (2024-05-17T08:19:48Z)
- BEEMA: Braille Adapted Enhanced PIN Entry Mechanism using Arrow keys [0.0]
Visually impaired computer users suffer from secrecy and privacy issues on digital platforms.
This paper proposes a mechanism termed BEEMA to help people with visual impairments.
arXiv Detail & Related papers (2023-05-18T02:03:17Z)
- KeyDetect --Detection of anomalies and user based on Keystroke Dynamics [0.0]
Cyber attacks can easily access sensitive data like credit card details and social security number.
Currently to stop cyber attacks, various different methods are opted from using two-step verification methods.
We are proposing a technique of using keystroke dynamics (typing pattern) of a user to authenticate the genuine user.
arXiv Detail & Related papers (2023-04-08T09:00:07Z)
- Face Presentation Attack Detection [59.05779913403134]
Face recognition technology has been widely used in daily interactive applications such as checking-in and mobile payment.
However, its vulnerability to presentation attacks (PAs) limits its reliable use in ultra-secure applicational scenarios.
arXiv Detail & Related papers (2022-12-07T14:51:17Z)
- Hierarchical Perceptual Noise Injection for Social Media Fingerprint Privacy Protection [106.5308793283895]
Fingerprint leakage from social media raises a strong desire for anonymizing shared images.
To guard the fingerprint leakage, adversarial attack emerges as a solution by adding imperceptible perturbations on images.
We propose FingerSafe, a hierarchical perceptual protective noise injection framework to address the mentioned problems.
arXiv Detail & Related papers (2022-08-23T02:20:46Z)
- IFTT-PIN: A PIN-Entry Method Leveraging the Self-Calibration Paradigm [4.111899441919164]
IFTT-PIN is a self-calibrating version of the PIN-entry method introduced in Roth et al. 2004.
It infers both the user's PIN and their preferred button-to-color mapping at the same time, a process called self-calibration.
We present online interactive demonstrations of IFTT-PIN, with and without self-calibration.
arXiv Detail & Related papers (2022-05-19T12:57:55Z)
- BioTouchPass: Handwritten Passwords for Touchscreen Biometrics [3.867363075280544]
This work enhances traditional authentication systems based on Personal Identification Numbers (PIN) and One-Time Passwords (OTP).
In our proposed approach, users draw each digit of the password on the touchscreen of the device instead of typing them as usual.
A complete analysis of our proposed biometric system is carried out regarding the discriminative power of each handwritten digit and the robustness when increasing the length of the password and the number of enrolment samples.
arXiv Detail & Related papers (2022-05-03T07:42:47Z)
- Measurement-driven Security Analysis of Imperceptible Impersonation Attacks [54.727945432381716]
We study the exploitability of Deep Neural Network-based Face Recognition systems.
We show that factors such as skin color, gender, and age, impact the ability to carry out an attack on a specific target victim.
We also study the feasibility of constructing universal attacks that are robust to different poses or views of the attacker's face.
arXiv Detail & Related papers (2020-08-26T19:27:27Z)
This list is automatically generated from the titles and abstracts of the papers in this site.