In this paper, we provide the first comprehensive study of user-chosen 4- and 6-digit PINs ($n = 1220$) collected on smartphones with participants being explicitly primed for device unlocking. We find that against a throttled attacker (with 10, 30, or 100 guesses, matching the smartphone unlock setting), using 6-digit PINs instead of 4-digit PINs provides little to no increase in security, and surprisingly may even decrease security. We also study the effects of blacklists, where a set of "easy to guess" PINs is disallowed during selection. Two such blacklists are in use today by iOS, for 4-digit (274 PINs) as well as 6-digit (2910 PINs) PINs. We extracted both blacklists and compared them with four other blacklists, including a small 4-digit (27 PINs), a large 4-digit (2740 PINs), and two placebo blacklists for 4- and 6-digit PINs that always excluded the first-choice PIN. We find that the relatively small blacklists in use today by iOS offer little or no benefit against a throttled guessing attack. Security gains are only observed when the blacklists are much larger, which in turn comes at the cost of increased user frustration. Our analysis suggests that a blacklist at about 10% of the PIN space may provide the best balance between usability and security.
We Can Hear Your PIN Drop: An Acoustic Side-Channel Attack on ATM PIN Pads
Personal Identification Numbers (PINs) are the most common user authentication method for in-person banking transactions at ATMs. The US Federal Reserve reported that, in 2018, PINs secured 31.4 billion transactions in the US, with an overall worth of US$ 1.19 trillion. One well-known attack type involves the use of cameras to spy on the ATM PIN pad during PIN entry. Countermeasures include covering the PIN pad with a shield or with the other hand while typing. Although this protects PINs from visual attacks, acoustic emanations from the PIN pad itself open the door for another attack type. In this paper, we show the feasibility of an acoustic side-channel attack (called PinDrop) to reconstruct PINs by profiling acoustic signatures of individual keys of a PIN pad. We demonstrate the practicality of PinDrop via two sets of data collection experiments involving two commercially available metal PIN pad models and 58 participants who entered a total of 5,800 5-digit PINs. We simulated two realistic attack scenarios: (1) a microphone placed near the ATM (0.3 m away) and (2) a real-time attacker (with a microphone) standing in the queue at a common courtesy distance of 2 m. In the former case, we show that PinDrop recovers 96% of 4-digit and up to 94% of 5-digit PINs, whereas at 2 m away it recovers up to 57% of 4-digit and up to 39% of 5-digit PINs in three attempts. We believe that these results are both
- Award ID(s):
- 1814846
- PAR ID:
- 10427383
- Date Published:
- Journal Name:
- ESORICS 2022
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
- We improve the attack of Durak and Vaudenay (CRYPTO'17) on the NIST Format-Preserving Encryption standard FF3, reducing the running time from $O(N^5)$ to $O(N^{17/6})$ for domain $Z_N \times Z_N$. Concretely, DV's attack needs about $2^{50}$ operations to recover encrypted 6-digit PINs, whereas ours only spends about $2^{30}$ operations. In realizing this goal, we provide a pedagogical example of how to use distinguishing attacks to speed up slide attacks. In addition, we improve the running time of DV's known-plaintext attack on 4-round Feistel of domain $Z_N \times Z_N$ from $O(N^3)$ time to just $O(N^{5/3})$ time. We also generalize our attacks to a general domain $Z_M \times Z_N$, allowing one to recover encrypted SSNs using about $2^{50}$ operations. Finally, we provide some proof-of-concept implementations to empirically validate our results.
- Regular user interface screens can display dense and detailed information to human users but miss out on providing somatosensory stimuli that take full advantage of human spatial cognition. Therefore, the development of new haptic displays can strengthen human-machine communication by augmenting visual communication with the tactile stimulation needed to transform information from digital to spatial/physical environments. Shape-changing interfaces, such as pin arrays and robotic surfaces, are one method for providing this spatial dimension of feedback; however, these displays are often either limited in maximum extension or require bulky mechanical components. In this paper, we present a compact pneumatically actuated soft growing pin for inflatable haptic interfaces. Each pin consists of a rigid, air-tight chamber, an inflatable fabric pin, and a passive spring-actuated reel mechanism. The device behavior was experimentally characterized, showing extension to 18.5 cm with relatively low pressure input (1.75 psi, 12.01 kPa), and the behavior was compared to the mathematical model of soft growing robots. The results showed that the extension of the soft pin can be accurately modeled and controlled using pressure as input. Finally, we demonstrate the feasibility of implementing individually actuated soft growing pins to create an inflatable haptic surface.
- In studying the "11/8-Conjecture" on the Geography Problem in 4-dimensional topology, Furuta proposed a question on the existence of $\operatorname{Pin}(2)$-equivariant stable maps between certain representation spheres. A precise answer to Furuta's problem was later conjectured by Jones. In this paper, we completely resolve the Jones conjecture by analyzing the $\operatorname{Pin}(2)$-equivariant Mahowald invariants. As a geometric application of our result, we prove a "10/8+4"-Theorem. We prove our theorem by analyzing maps between certain finite spectra arising from $B\operatorname{Pin}(2)$ and various Thom spectra associated with it. To analyze these maps, we use the technique of cell diagrams, known results on the stable homotopy groups of spheres, and the $j$-based Atiyah–Hirzebruch spectral sequence.
- Simulations are used to find the zero temperature jamming threshold, $\phi_j$, for soft, bidisperse disks in the presence of small fixed particles, or "pins", arranged in a lattice. The presence of pins leads, as one expects, to a decrease in $\phi_j$. Structural properties of the system near the jamming threshold are calculated as a function of the pin density. While the correlation length exponent remains $\nu = 1/2$ at low pin densities, the system is mechanically stable with more bonds, yet fewer contacts than the Maxwell criterion implies in the absence of pins. In addition, as pin density increases, novel bond orientational order and long-range spatial order appear, which are correlated with the square symmetry of the pin lattice.