
Cracking Your PIN Code: Easy as 1-2-3-4

54 replies to this topic

#16 n_K


Posted 27 December 2012 - 15:03

Berry says a whopping 26.83% of all passwords could be guessed by attempting just 20 combinations of four-digit numbers (see first table). "It's amazing how predictable people are," he says.

This guy obviously doesn't have a clue how smart cards (bank cards) work then, they're pretty similar to SIM cards in that you have 3 attempts to input the correct pin, the bank machine transmits the PIN to the card, if it is wrong, it is not the bank machine that logs it but the smart card, after 3 wrong attempts, the smart card refuses to accept any more pin numbers and locks itself out (there is no PUK code for bank cards as there are SIM cards) and so the machine keeps it. Older cards would just refuse to accept any more PIN attempts but keep all the data in the smart card, newer cards destroy all data on the card when 3 attempts have been failed, because you can in theory reset the count or read off the data using a very powerful microscope though you'd have to know exactly where to look.
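Added example, not part of any post in this thread: a small Python model of the card-side try counter described in the post above, showing that the limit follows the card from one terminal to the next. The class names, the sample PIN and the choice to spend an attempt before comparing are assumptions made for illustration, not real card firmware.

```python
import hmac


class CardPinCounter:
    """Constructed model of a card-held PIN try counter (hypothetical)."""
    MAX_TRIES = 3  # the limit described in the post

    def __init__(self, pin: str):
        self._pin = pin.encode()
        self.tries_left = self.MAX_TRIES  # state lives on the card, not the terminal

    @property
    def blocked(self) -> bool:
        return self.tries_left == 0

    def verify(self, candidate: str) -> str:
        if self.blocked:
            return "BLOCKED"  # no comparison is performed once locked
        # Assumption: spend the attempt before comparing, so interrupting
        # the check cannot yield a guess that was never counted.
        self.tries_left -= 1
        if hmac.compare_digest(candidate.encode(), self._pin):
            self.tries_left = self.MAX_TRIES  # a correct PIN resets the counter
            return "OK"
        return "BLOCKED" if self.blocked else "WRONG"


class Terminal:
    """Hypothetical terminal: relays the PIN to the card, keeps no count."""

    def __init__(self, name: str):
        self.name = name

    def enter_pin(self, card: CardPinCounter, pin: str) -> str:
        return card.verify(pin)


def demo():
    card = CardPinCounter("4071")  # constructed sample PIN
    atm_a, atm_b = Terminal("A"), Terminal("B")
    results = [
        atm_a.enter_pin(card, "1234"),
        atm_a.enter_pin(card, "1111"),
        atm_b.enter_pin(card, "0000"),  # different machine, same counter
        atm_b.enter_pin(card, "4071"),  # correct PIN, but the card is already locked
    ]
    return results, card.tries_left


if __name__ == "__main__":
    print(demo())
```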


#17 +Nik L


Posted 27 December 2012 - 15:09

Besides the 3 times limit, what about the security camera taking your picture ?


Unfortunately: myth! I had my card cloned. Long story with people saying it can't be done, it's never done - oh look it's been done. Basically my bank trying to find any reason to pin the 4 * £50 withdrawals on me (4 spots around London, on a day I could prove I was in Leicester). I got the police involved (even though my bank tried to convince me otherwise and take the £200 hit myself). I knew nobody would be caught/arrested but point of calling police involvement was to call the bank's bluff. Anyway, police told me that there are no cameras in the majority of ATMs.

#18 Draconian Guppy


Posted 27 December 2012 - 15:15

all the new ATM's around me you still have to put your card into it and it takes it until you are done... and these are brand new systems

Yay! I guess that's one for Honduras, Central America :p

So we have poverty, bad public health care, education, insecurity, no value of life ( eg. getting shot for cellphone)... But we have swiping only ATMS :p

Posted Image

Posted Image

#19 +Nik L


Posted 27 December 2012 - 15:19

I'd not put my card anywhere near that machine. The plastic bezel on the front looks so fake and "stuck-on", like one of the "skimmers" that people use over here.

Not saying it is, but it looks it.

#20 Brian M.


Posted 27 December 2012 - 15:22

Unfortunately: myth! I had my card cloned. Long story with people saying it can't be done, it's never done - oh look it's been done. Basically my bank trying to find any reason to pin the 4 * £50 withdrawals on me (4 spots around London, on a day I could prove I was in Leicester). I got the police involved (even though my bank tried to convince me otherwise and take the £200 hit myself). I knew nobody would be caught/arrested but point of calling police involvement was to call the bank's bluff. Anyway, police told me that there are no cameras in the majority of ATMs.


I had a similar issue with Lloyds TSB - had my card "cloned" and spent in France. Bank told me outright that they were not responsible, and I must have given my PIN to someone. I complained to the FSA, who found that Lloyds had authorised the transactions on my cloned card without chip and pin (when they got the signature from the retailer, it was actually an exact copy of mine from the card, but I could prove I wasn't in France at that time), and made Lloyds pay out the £150, plus £140 odd in compensation for my time.

In my opinion, the fact that it's been proven many times that the PIN can be bypassed easily is more worrying than people using common PIN codes.

#21 Azusa


Posted 27 December 2012 - 15:22

on the topic of safety at the ATM am I the only one who looks for a bank that has them inside before using an ATM?

#22 Draconian Guppy


Posted 27 December 2012 - 15:25

The first image is a "sorta" of close up of the second, if you can see, they're not the same, the one we have is the second one, I just needed something that pointed out the "swiping" part :p

Not all our banks have these though, a couple still have the "insert and eat" type.

on the topic of safety at the ATM am I the only one who looks for a bank that has them inside before using an ATM?


In third world hell, I just avoid them, unless I really, really have to :s

#23 +Nik L


Posted 27 December 2012 - 15:27

In my opinion, the fact that it's been proven many times that the PIN can be bypassed easily is more worrying than people using common PIN codes.


It's part of the spec, the ability to bypass - it's a "fallback option" but thus negates all security. However, the onus of responsibility for the chargeback is placed on the terminal/merchant.

#24 Anibal P


Posted 27 December 2012 - 15:28

Not sure what banks you all use; mine, USAA, locks you out of the online side after 3 errors, same as with an ATM, then it takes a phone call to unlock either. Stopped trying to enter passwords while not fully awake.

#25 xendrome


Posted 27 December 2012 - 15:30

all the new ATM's around me you still have to put your card into it and it takes it until you are done... and these are brand new systems


All of the Bank of America ATMs here were recently changed to where you put the card in and it spits it back out right away, then you enter your PIN. I think it is to stop people from forgetting to 1: Press "Done" and 2: Leaving their cards behind.

And if the person drives away now before pressing done, and they request any other transaction they have to re-put their pin number back in.

#26 Pupik


Posted 27 December 2012 - 15:33

on the topic of safety at the ATM am I the only one who looks for a bank that has them inside before using an ATM?

Looks like it. I always check the ATMs outside and inside to see where the line is shorter to get things done quickly. And most of the times, the lines are shorter inside. Sometimes you only have people standing in line at the ATM outside and no one inside, as people are too lazy to get inside the bank to use the ATM there.

#27 Richteralan


Posted 27 December 2012 - 16:28

So easy. Remember your PIN as patterns on the keypad, instead of numbers.

You are welcome. It's called think outside the box.

#28 arachnoid


Posted 27 December 2012 - 16:32

Two tricks they use alongside a skimmer is for a man to stand behind you with a mobile in his hand as you enter the PIN and just note it onto the device, hence the introduction in the UK of the [useless] yellow box near the ATM. The other, more subtle, is the placing of a downward-facing camera on the housing above the keypad which films your keystrokes as you make them.
Which is why you should cover your hand as you enter your PIN.

#29 +LogicalApex


Posted 27 December 2012 - 17:13

This guy obviously doesn't have a clue how smart cards (bank cards) work then, they're pretty similar to SIM cards in that you have 3 attempts to input the correct pin, the bank machine transmits the PIN to the card, if it is wrong, it is not the bank machine that logs it but the smart card, after 3 wrong attempts, the smart card refuses to accept any more pin numbers and locks itself out (there is no PUK code for bank cards as there are SIM cards) and so the machine keeps it. Older cards would just refuse to accept any more PIN attempts but keep all the data in the smart card, newer cards destroy all data on the card when 3 attempts have been failed, because you can in theory reset the count or read off the data using a very powerful microscope though you'd have to know exactly where to look.


Depends on the country. In the US ATM cards don't use smart cards and as such don't have this layer of "protection".

I wrapped protection in quotes because the smart card may be duplicated rendering this security moot.

#30 arachnoid


Posted 27 December 2012 - 17:19

You could probably also launder payments through foreign payment services that are not as clean as those in the US/UK.