Your PIN Sounds Good! On The Feasibility of PIN Inference Through Audio Leakage
This poses a serious security problem for systems using PIN-based authentication, such as ATMs and PoS devices, by exploiting audio leakage to reduce guessing attempts drastically.
The paper tackles the problem of PIN inference by extracting inter-keystroke timing from audio feedback during PIN entry, achieving 98% accuracy with a mean error of 0.13 +/- 6.66 milliseconds and guessing 72% of 4-digit PINs within 3 attempts.
Personal Identification Numbers (PIN) are widely used as authentication method for systems such as Automated Teller Machines (ATMs) and Point of Sale (PoS). Input devices (PIN pads) usually give the user a feedback sound when a key is pressed. In this paper, we propose an attack based on the extraction of inter-keystroke timing from the feedback sound when users type their PINs. Our attack is able to reach an accuracy of 98% with a mean error of 0.13 +/-6.66 milliseconds. We demonstrate that inter-keystroke timing significantly improves the guessing probability of certain subsets of PINs. We believe this represents a security problem that has to be taken into account for secure PIN generation. Furthermore, we identified several attack scenarios where the adversary can exploit inter-keystroke timing and additional information about the user or the PIN, such as typing behavior. Our results show that combining the inter-keystroke timing with other information drastically reduces attempts to guess a PIN, outperforming random guessing. With our attack, we are able to guess 72% of the 4-digit PINs within 3 attempts. We believe this poses a serious security problem for systems that use PIN-based authentication.