We Can Hear Your PIN Drop: An Acoustic Side-Channel Attack on ATM PIN Pads

  • Conference paper
Computer Security – ESORICS 2022 (ESORICS 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13554))

Abstract

Personal Identification Numbers (PINs) are the most common user authentication method for in-person banking transactions at ATMs. The US Federal Reserve reported that, in 2018, PINs secured 31.4 billion transactions in the US, with an overall worth of US$ 1.19 trillion.

One well-known attack type involves the use of cameras to spy on the ATM PIN pad during PIN entry. Countermeasures include covering the PIN pad with a shield or with the other hand while typing. Although this protects PINs from visual attacks, acoustic emanations from the PIN pad itself open the door for another attack type. In this paper, we show the feasibility of an acoustic side-channel attack (called \(\mathcal{P}inDrop\)) to reconstruct PINs by profiling acoustic signatures of individual keys of a PIN pad. We demonstrate the practicality of \(\mathcal{P}inDrop\) via two sets of data collection experiments involving two commercially available metal PIN pad models and 58 participants who entered a total of 5,800 5-digit PINs. We simulated two realistic attack scenarios: (1) a microphone placed near the ATM (0.3 m away) and (2) a real-time attacker (with a microphone) standing in the queue at a common courtesy distance of 2 m. In the former case, we show that \(\mathcal{P}inDrop\) recovers 96% of 4-digit, and up to 94% of 5-digit, PINs. At 2 m away, it recovers up to 57% of 4-digit, and up to 39% of 5-digit, PINs in three attempts. We believe that these results are both significant and worrisome.

Notes

  1. Dataset link: https://spritz.math.unipd.it/projects/PINDrop.

  2. https://www.davochina.com/4x4-ip65-waterproof-industrial-metal-keypad-stainless-steel-keyboard-for-access-control-atm-terminal-vending-machine-p00103p1.html.

  3. https://www.davochina.com/4x4-ip65-stainless-steel-numeric-metal-keypad-with-waterproof-silicone-cover-p00126p1.html.

Author information

Corresponding author

Correspondence to Matteo Cardaioli.

Appendix

8.1 Validation Results

Table 2 reports the results on the validation set for four different ML models. Results show that LR and SVC obtain the best results on PAD-1 and PAD-2, respectively.

8.2 Additional Results

In Fig. 8, we report the key accuracy results for PAD-2 (from both 0.3 m and 2 m). The results refer to the SVC model, which achieved the better performance on PAD-2.

In Fig. 9, we report an example for the digit “3” for all four scenarios. All the other keys show similar behavior, highlighting no significant inter-class differences. Interestingly, we note a different distribution of classification errors between PAD-1 and PAD-2. In the first case, the error is uniformly distributed over all digits; in the second case, a higher concentration of errors is prominent around the true digit (i.e., digits 2, 5, and 6).

Table 2. PIN accuracies on the validation set for the investigated classifiers. The training set includes samples from five distinct attackers. The results show that for PAD-1 the best performing model is the Logistic Regression (LR), while for PAD-2 the best model is the SVC.

Fig. 8. Key accuracy on the testing set for the best classifiers.

Fig. 9. Digit “3” prediction heat maps for the four considered attack scenarios (the PIN pad layout is reported in Fig. 3). We reported the results for the experiment with 5 attackers and 500 digits entered per attacker.

Figure 10 reports the PIN inference results within 3 attempts for PAD-2 and the SVC model.

Fig. 10. 5-digit PINs inference performance within 3 attempts for the best classifiers.

Figure 11 shows the results of \(\mathcal{P}inDrop\) trained on the perturbed PAD-2 dataset (configuration 500 digits per attacker) in inferring 5-digit PINs within three attempts. The graphs report results similar to those obtained on PAD-1.

Fig. 11. Impact of noise source and SNR in the inference of 5-digit PINs within three attempts for PAD-2 and 500 digits per attacker.

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Balagani, K., Cardaioli, M., Cecconello, S., Conti, M., Tsudik, G. (2022). We Can Hear Your PIN Drop: An Acoustic Side-Channel Attack on ATM PIN Pads. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds) Computer Security – ESORICS 2022. ESORICS 2022. Lecture Notes in Computer Science, vol 13554. Springer, Cham. https://doi.org/10.1007/978-3-031-17140-6_31

  • DOI: https://doi.org/10.1007/978-3-031-17140-6_31

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-17139-0

  • Online ISBN: 978-3-031-17140-6

  • eBook Packages: Computer Science (R0)
