Damn You Smart Phones – iPhone ATM Hack

Last Updated on August 22, 2023

There has always been a huge potential problem with technology crime. But fortunately although the risk has obviously increased as our lives become increasingly digital – the potential has never been quite realised.  The saving grace has always been that the only people technically capable of operating techno-crime have been the geeks who really have no real inclination to build up a criminal empire.  Actually that’s not quite true, they often empire build but it’s  normally in Second life or perhaps the plains of Azeroth (World of Warcraft).  But the basic idea is that those who have the knowledge, didn’t have the inclination and vice-versa, unfortunately that is starting to change.

computercrime

The dumbing down of every piece of technology has been coming at an alarming rate.  For example only last week I met someone who had no idea about what their IP address was or what TCP/IP stood for but had managed to install a version of Linux on their laptop to use as a Smart DNS server.  This was horrifying to me, even the user friendly installations of Linux distros that I had grew up with took a huge effort and infinite patience to install even if you worked in IT.

It’s kind of scary, for the two criminal options where slowly becoming three – we were moving from these possibilities –

  • Techno Geek Criminal
  • Criminal Organisation that hired/blackmailed/controlled Techno Geek

To the worrying possibility that a third option appeared – that the criminals themselves could actually figure out ways to operate 21st century crimes.  Which brings me back to the alleged subject of this post – a nice little criminal enterprise that anyone can operate with a little investment, an app and an iPhone.

thermalcrime

It’s based on the extremely profitable crime of stealing directly from accounts using an ATM.  The easy bit at the moment is nicking peoples card or their details and creating a clone card.  You can nick peoples card details by a variety of methods either by physically having access to a card, perhaps when you buy petrol or pay for a meal.  Or even easier using a RF identification scanner that can nick all your card details from a couple of feet away. Machines to create cards from these details are readily available and simple to use too.

But of course, unless you’re very stupid and use the card to order 20 television sets to your grandma’s address, the cloned card is of little use.  What you need to turn it into a cash machine is the PIN number, where you can withdraw real cash from the ATM machines.  The old fashioned methods of obtaining this via torture, threats and kidnap obviously can potentially work but increase the risks to the criminal significantly (thank goodness!).

SO how can you get someone’s PIN number using a Smart Phone, well the gadget you need is here – http://shop.flir.com/dp/B00K0PXFB6, it’s called the FLIR ONE and it’s an infrared personal thermal imager that is compatible with the iPhone 5 and above.

Still sounds too geeky to be a worry, well think again.  All your newly enabled cyber crook needs to do is hover around  you and copy your card details (or nick your card after), then use this device to work out your PIN number.  You just need to wait until the card owner uses an ATM or other keypad to enter their pin and then scan the keys using the FLIR  which will pick out the key presses and the order based on the heat signatures on the keys.

Worryingly it actually works in practice as well as theory.