Hand Me Your PIN! Inferring ATM PINs of Users Typing with a Covered Hand
Dr. Stjepan Picek, Prof. Mauro Conti, and their colleagues from the University of Padova published a paper investigating the security of the PIN mechanism for ATMs. They showed that even if a user covers the typing hand with the other hand, a deep learning-based attack can infer the correct PIN.
Automated Teller Machines (ATMs) represent the most used system for withdrawing cash. The European Central Bank reported more than 11 billion cash withdrawals and loading/unloading transactions at European ATMs in 2019. Although ATMs have undergone various technological evolutions, Personal Identification Numbers (PINs) are still the most common authentication method for these devices. Unfortunately, the PIN mechanism is vulnerable to shoulder-surfing attacks performed via hidden cameras installed near the ATM to capture the PIN pad. To counter this problem, people have become accustomed to covering the typing hand with the other hand. While such users probably believe this behavior is safe enough to protect against the mentioned attacks, there is no clear assessment of this countermeasure in the scientific literature.