Are smartphone thermal cameras sensitive enough to uncover PIN codes?
I’m a huge proponent of the thermal cameras built into smartphones. They’re a super handy tool for the DIYers, engineers, and technicians. They give you a superpower — the ability to see heat.
Why is this useful?
I’ve found a lot of reasons – from finding components that are overheating (which can indicate faulty components), identifying overheating wires and connectors (which can indicate damaged wires or connectors), diagnosing issues with HVAC, find draughts at home, and much, much more.
Also: This $10 gadget is my favorite repair tool of all time
I started out thinking that these cameras were gimmicks, but they’ve become an important tool in the toolbox.
But there’s a question I get asked a lot about these cameras – how sensitive are they?
So, I came up with a test. A rather simple one, but at the same time one that will push the capability of the thermal cameras.
Could they be used to help uncover a PIN code?
Also: How to strip wires like a pro (and my must-have tools)
The test is simple. I’m going to take the awesome Apricorn Aegis NVX encrypted SSD, put it in front of a thermal camera, and see if entering a PIN code leaves a “thermal residue.” There’s a research paper by the University of Glasgow on just this kind of attack, but I wanted to see if a budget version of it would work.
So I set up the two different thermal cameras in front of the secure hard drive to see just how sensitive these cameras are.
The first thermal camera is a FLIR Lepton camera built into the new Blackview BV8900.
Next up is the standalone InfiRay P2 Pro thermal camera (this plugs into the USB-C port, but there’s also a version available for the iPhone).
So, what can we see in these videos?
Well, first off, the alignment between the thermal camera and the regular camera on the BV8900 is not good. This is why the outline of the drive and th thermal image are offset. There is a tool for aligning the images in the software, but I’ve not yet done this. Also, the image is a bit juddery.
Also: The best rugged phones
However, despite all this, the thermal residue of the keypresses remains visible for quite a few seconds.
The P2 Pro thermal camera offers a much clearer output, but the thermal residue isn’t as obvious. This isn’t down to the camera, but instead to the rising ambient temperatures of the room and the drive.
But the prints are still visible for quite a few seconds.
This is a pretty tough test.
Not only because the key presses are quick, giving little time for heat to transfer, but also because here in the UK we’re experiencing a heatwave with temperatures hovering around 90 degrees F (nothing compared to some places, but in a country where aircon is a luxury, this is hot!) so the drive is much warmer that it would normally be, and this is masking the temperature differences.
Also: This rugged Android phone is so enormous you can use it as a power bank, too
So, these thermal cameras are good.
Very good.
They’re more than good enough to uncover PIN codes entered onto keypads — as long as you arrive at the scene within seconds of the PIN being entered.
That kind of sensitivity is plenty good enough for most of us. If you need more, then you need something like the FLIR C5 thermal camera, with its 160 x 120 display and a temperature range of -20 to 400ºC (-4 to 752ºF).
READ MORE HERE