Hand Me Your PIN! Inferring ATM PINs of Users Typing with a Covered Hand presented at USENIX Security 2022

by Matteo Cardaioli, Stefano Cecconello, Mauro Milani,

Tags: Web Security III: Bots & Authentication

URL: https://www.usenix.org/system/files/sec22-cardaioli.pdf

Summary: Automated Teller Machines (ATMs) represent the most used system for withdrawing cash. The European Central Bank reported more than 11 billion cash withdrawals and loading/unloading transactions on the European ATMs in 2019. Although ATMs have undergone various technological evolutions, Personal Identification Numbers (PINs) are still the most common authentication method for these devices. Unfortunately, the PIN mechanism is vulnerable to shoulder-surfing attacks performed via hidden cameras installed near the ATM to catch the PIN pad. To overcome this problem, people get used to covering the typing hand with the other hand. While such users probably believe this behavior is safe enough to protect against the mentioned attacks, there is no clear assessment of this countermeasure in the scientific literature.