by gluecode 1346 days ago
I wonder if ATM machines should have a keyboard cooling function to erase thermal signatures, immediately after each customer session.
4 comments

There would still be a temperature difference for some time after entering a PIN until the keys used are fully cooled. So this method might not fully mitigate the attack.

A better solution could be to heat the keys to about the same temperature as a human's fingertips, so that no heat is being transferred while entering a PIN.

Exactly, easier and much more effective than the mitigation suggested by the scientists:

>One potential risk-reduction pathway could be to make it illegal to sell thermal cameras without some kind of enhanced security included in their software.

I'm curious what kind of software solution there could be to this?

Some form of pattern matcher in the camera obscuring the video output when it determines it's observing a number pad?

Maybe something loosely similar to the protection that is said to be present in very high-level colour photocopiers that prevents them from photocopying money?
I've always just used my credit card holder (metal) to punch in numbers, due to this heat thing. They were doing this with pins before this technique.
I had seen a video demoing an attack like this some while ago and I started "wiping" keypads with my fingers so they're all "warm".
This is actually a great point I hadn't even considered. I had heard of cretins using a small grease film like a tiny layer of Vaseline, etc., on PIN pads and then after the victim uses it, they would shine a light on it to see.
Grease films are typically detected by the user. Better to dust the keys with a UV-sensitive powder and inspect the ATM after PIN entry.