
Thermal images reveal what parts of a screen were tapped - r721
https://www.theatlantic.com/technology/archive/2017/03/hot-hands-smartphones/519069/?single_page=true
======
godmodus
Isn't this used for skimming ATMs?

What's new about this?

------
lithos
Why haven't lock screens gone with floating/moving numbers yet.

Or at least a pin pad that randomizes number positions. MMOs have had this
'comfort' feature since the late 90s as a antikeylogger feature.

------
make3
LG phones have this optional feature to scramble the digits on the software
touchpad so they aren't in the regular order (but a random one). This would be
a start I feel; they would need to also actually get a picture of the software
keypad instead of just an IR picture your screen however long after

------
msimpson
Good thing I always carry my phone in the back of my jeans. Hot pocket, FTW.

------
randyrand
The video they showed seems faked. Why do his other presses and swipes he
makes after entering the password not show up in the thermal image? Why would
they fake this?

------
lathiat
Without comment on this specific article, there was a video of this doing the
rounds last year using a FLIR ONE on a card terminal. I subsequently saw
another video debunking it. It only worked if you super cooled the pin pad,
there was evidence of that in the original video; it was totally un-workable
with a normal room temperature keypad.

I imagine though it's likely highly variable though depending on the thermal
conductivity and emissivity of the surface being touched, as well as the
actual room temperature and the quality of the thermal sensor.

EDIT: This random video seems to agree with the above, again, no idea how
credible. Highly variable on factors.
[https://www.youtube.com/watch?v=8Vc-69M-UWk](https://www.youtube.com/watch?v=8Vc-69M-UWk)

------
Markoff
useless attack since many phones are already randomizing number pad each time
is displayed

------
modzu
no shit

------
nom
This is nothing new. I remember an article/paper about the same thing but with
pin pads.

Keep in mind, it only works for a very short amount of time as the surface
cools down quickly. I don't think it's an attack vector you should worry
about.

You can just as easily shoulder-surf the user as he unlocks the phone. It
works even better with the "stroke gestures" that is common on android devices
- most users don't disable the "draw line" option... it's much easier to spot
and remember than a pin pad entry :D

~~~
jimmaswell
Sometimes you can unlock people's phones by holding them up to the light and
seeing where the grease marks are, if they use the dot pattern unlock or a
small pin. Got a few people with this in high school.

~~~
nom
I was about to mention this in my post but wanted to keep it short :D. The
smudge marks are probably as good of an indicator as the heat signature,
considering that they don't degrade with time. It also works better with the
pattern-type unlock screen on android (but not so well with the pin-type).

That reminds me, you could build a system that records and highlights the
smudges (by using a circular arrangement of LEDs and a fixed camera, or by
taking pictures from multiple angles under a single light source). It should
make a good weekend project, maybe I'll try it :)

------
raziel2701
This was a common mechanic in the splinter cell games, you'd wait for a guard
to go through a door with a keypad and you'd put on your thermal vision
goggles to find the 4 numbers. I guess that now that thermal cameras are
becoming more ubiquitous this has jumped closer to reality. Back then I can't
imagine there were thermal cameras that were small and cheap. Nowadays you can
get a flir lens for your phone at about $200 - $300 if I recall correctly.

~~~
Animats
Cat Phones (yes, Caterpillar Tractor) offered the first phone with an IR
imager. They intended this for industry and construction, where you're
sometimes looking for things that are overheating, or heat leaks. It combines
the visual and IR images, so you can see the outlines of what you're looking
at. Their customer base has a real use case for this feature.

Like other Cat phones, but unlike the USB-port devices, it's not fragile.[2]

[1] [http://www.catphones.com/en-us/](http://www.catphones.com/en-us/) [2]
[https://www.youtube.com/watch?v=mVPku-
xItv8](https://www.youtube.com/watch?v=mVPku-xItv8)

~~~
MrDosu
I used a CAT phone for hiking for a while and at first I was quite impressed
by the sturdiness (dropped it on rocks multiple meters a couple of times). But
there are some design flaws where the connectors are just covered by plastic
plugs that leak water after a while and its not waterproof anymore. Would not
buy one again.

------
Exofunctor
I recommend that everyone use an extended-length PIN for your phone. Both
Android and iPhone support it. Mine is 12 digits; a bit of extra time, but
vastly more difficult to brute-force or shoulder-surf.

~~~
fpoling
Why digits and not a real password? I have found that typing 10 letters is not
too inconvenient on a phone.

~~~
bradknowles
The size of the alphanumeric keyboard is a real problem for me when trying to
enter a password to open my device.

Sure, I can do it, but it really slows me down, and makes the value of the
password a lot less to me.

I'd rather use a longer and more complex PIN on a much larger keyboard.
Preferably one that re-uses at least some of the numbers, so they might have
an idea of how long the PIN is, but they might have a harder time figuring out
what the correct order of the numbers is.

At least, that's my current view. That might change tomorrow. ;)

------
givinguflac
Most of this risk is mitigated with finger print auth like Touch ID. Though,
nothing is perfect.

~~~
fnordfnordfnord
Fingerprint auth exposes you to court-ordered unlocking though.

~~~
knodi123
not necessarily, if you use several sequential fingerprints in a certain
order, and have a hard lockout after X failures. My phone knows 6 of my
fingerprints already; shouldn't be hard to get that additional level of
"something you know" in addition to "something you are".

~~~
knodi123
I wonder why someone would downvote this without reply? It's a perfectly
reasonable suggestion, would be trivial to implement, and would be both a
password and a biometric. That's two-factor authentication.

Somebody's a real humbug.

------
ralf07
Easy fix. Number pad should come up with numbers in different random order
each time.

~~~
bch
That'll break for people who use "shapes" on the keypad.

~~~
__s
Imagine numpad in your mind to play shape on to extract sequence

~~~
Insanity
I can't say if this is a serious answer or not.. But either way it does hold
something potentially valuable. Show a numpad and have a "connect the numbers"
passphrase, just like you draw the shame now. And you connect X numbers that
you choose yourself

Next you can just shuffle the numbers each time, making the pattern random
whilst still using the shapes.

~~~
unwind
I guess s/shame/shape/ is in order, took me a while to parse that. :)

~~~
Insanity
Oh yeah, that makes a lot more sense doesn't it! ^^

------
nkassis
Solution add a feature to warm up the screen to exactly 98 degrees to avoid
detection. Learned this from sneakers.

~~~
alex-
Another (cheaper?) solution would be to randomise the location of the keys
each unlock attempt.

It would cause me a massive problem - I basically only remember my pattern

~~~
prawn
One of my banks does this for online PIN entry and it's amazing how much it
slows you down not being able to do it via muscle memory.

