Saturday, 25 August 2012
EINDHOVEN – Is the PIN code of your bank pass 2580? That is not the most secure code. Thieves watching remotely could easily crack this code by following your hand movements at the ATM. Two students Technical Mathematics at the TU/e calculated which codes are safe and which are not.
Many PIN codes can be cracked by looking at the direction of hand movements. Only a limited number of combinations fit with each series of hand movements, and a thief can try out three possible codes before a pass blocks; shielding the hand while withdrawing is certainly useful, according to the students.Students Anne Eggels and Aukje Boef got as assignment for their study to mathematically determine how much information they can find out remotely about keyed PIN codes. Their calculations show that by looking at the direction of the hand movements, much information is exposed.For example someone who goes down with the hand three times, and nowhere aside, enters the code 2580. Likewise, a total of 54 codes can be identified with certainty by means of the hand movements, which anyone can see for example in line at the store checkout, or by watching remotely with a camera.292 codes have hand movements which can be reduced to a maximum of three possible codes. Because a thief can make three attempts before a pass blocks, the watching of hand movements for these 292 codes gives access to the bank account with certainty. This is almost three percent of all codes. The thief must of course still steal the bank pass.The best is a code which requires making as many hand movements in opposite directions as possible. Doing that , many possible codes which fit with that set of movements remain.Source: Eindhoven Dichtbij