安全系統存漏洞 ATM機鍵盤餘溫或泄露密碼
The heat your fingers leave behind on an ATM keypad can tell the hacker who comes after you exactly the code you keyed in。
The PIN digits you punch into an ATM’s keypad are leaving traces of themselves behind in the form of heat, says a paper recently presented by a team of UC San Diego security researchers. Someone following immediately behind an ATM user can use a digital infrared camera to determine what keys were pushed with about 80 percent accuracy. Even a full minute later the camera can pick up the correct digits about half the time。
But while it’s easy enough for a criminal type to determine the digits in your pin with an IR camera, it’s fairly difficult to determine the order. And the hack only seems to work on plastic keypads--metal returns too much heat noise for the IR camera to reliably discern with keys were just pressed。
Then there’s the fact that an IR camera isn't exactly an implement of petty crime. By the time one amassed the princely sum (around $18,000 to buy a good rig) necessary to acquire one, he or she probably wouldn’t need to steal ATM PINs anymore。
But none of that changes the fact that a security scheme on which most people regularly rely has a fairly exploitable hole. And it doesn’t just go for ATM machines--keypad safes, security doors, keypad activated garage doors, even the keypads that open up some car doors are susceptible to the IR hack, particularly where plastic keypads are involved。
Of course, to thwart the scheme you could simply place your hand over the entire keypad to impart heat to every key after you punch in your PIN。據美國《大衆科學》網站8月30日報道,你的手指在ATM機上留下的餘溫能讓尾隨你而來的黑客準確獲知你的密碼。
加利福尼亞大學聖地亞哥分校的研究小組在近日發表的論文中指出,你在ATM機上鍵入的密碼會以你手指餘溫的形式留下線索。緊隨在你身後的ATM使用者用數碼紅外攝相機就可以確定你按了哪些鍵,準確率在80%左右。即使在一分鐘之後,攝相機還會有50%的準確率。
雖然罪犯能用紅外攝相機測定你按了哪些鍵,不過要確定(按鍵的)順序卻非常困難。而且黑客似乎只能在塑料鍵盤上運用這個方法,因爲金屬會反射出大量的熱量干擾波,從而使得紅外攝相機無法準確識別。
而且紅外攝相機不是小偷小摸的人用得起的設備,如果他能攢夠這筆鉅款(一套像樣的設備大約需要1.8萬美元),應該也不需要去ATM機上盜竊了。
但這並不能改變這個事實:大多數人所信賴的那個安全系統其實還存在着不小的漏洞。而且這不僅限於ATM機,保險箱、防盜門、需鍵盤啓動的車庫門、甚至用來打開車門的小鍵盤也易受到使用紅外的黑客的影響,特別是當鍵盤是塑料質地時。
當然,想要破壞這個陰謀,你就只需在鍵入密碼後將整個手掌放在鍵盤上,這樣分佈在鍵盤上的熱量就均勻了。
