Algorithm trained by researchers can guess bank passwords
Every ATM has a notice asking users to make sure no one is watching when they enter their bank account password, but research has shown that, in the future, the notice will also have to warn about virtual risks.
A deep learning algorithm was trained by researchers at the University of Padua in Italy to guess bank card passwords from videos of people using ATMs. It managed to get the combination right 55% of the time, even in cases where the footage showed the keyboard hidden by hands.
Deep learning is an artificial intelligence (AI) function that aims to mimic the way the human brain processes data and creates patterns for use in decision making, which makes it the ideal technology for a password-guessing algorithm.
The experiment was performed on a computer with a Xeon E5-2670 processor, 92 GB of RAM and three Tesla K20m GPUs with 5 GB of RAM each, expensive components commonly used in data centers.
How the study took place
The first step of the study was building a replica of the ATM for the test subjects to use in the laboratory, since the specific dimensions and spacing of each key are important factors in training the algorithm. Afterwards, the deep learning model was trained with 5,2670 videos of 75 different people entering the four- and five-digit passwords for their cards. The algorithm ultimately output a series of combinations, along with the probability of each being correct.
The researchers analyzed three guessing attempts by the algorithm per test, based on the common number of mistakes people can make before their cards are blocked. Within these attempts, the algorithm was able to reconstruct the correct sequence 41% of the time in five-digit cases, and 41% in four-digit cases.
Training not only made the algorithm able to predict which buttons were pressed from the subjects' movements, it also taught the deep learning model to rule out keys based on the hand position of the person being filmed.
Camera position also proved important in the study: the ideal setup for this method was a capture device placed in a small hole at the top of the ATM. If the device is a model capable of capturing audio, the algorithm can be trained to identify keys by the sounds they emit, which differ slightly.
How to protect yourself
The study showed that simply covering the ATM keyboard is not sufficiently effective protection in a future where criminals could use these algorithms for data theft, but it can help mitigate the risk. The survey data indicate that a keyboard 58% covered left the accuracy of the deep learning model at 0.41 out of a maximum of 1, and that with the keyboard fully covered the same number drops to 0.30.
Those responsible for the study recommend that customers of banks offering passwords with more than four digits use that option, as the survey also found that the effectiveness of the algorithm was affected when the card's password is composed of five digits.
Finally, a last suggestion by the researchers to reduce risks is the use of virtual, randomized keyboards in ATMs. While this solution is a logistical nightmare for financial institutions, given the costs involved in switching, it is the best way to keep algorithms like these from posing critical dangers in the future.
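The effect of a randomized keyboard can be seen in a short simulation. This is an added example, not code from the study or from the original article; the function names, the sample PIN and the worst-case assumption that an observer recovers every pressed key position perfectly but cannot read the key labels are all assumptions made here.

```python
import secrets

FIXED_LAYOUT = "1234567890"          # position i always shows the same digit
_rng = secrets.SystemRandom()        # OS CSPRNG, so layouts are unpredictable

def new_layout():
    """Return a fresh layout: character i is the digit shown at key position i."""
    keys = list(FIXED_LAYOUT)
    _rng.shuffle(keys)
    return "".join(keys)

def touched_positions(pin, layout):
    """Key positions the customer presses; this is what hand movement reveals."""
    return [layout.index(d) for d in pin]

def decode(positions, layout):
    """Map pressed positions back to digits under a given layout."""
    return "".join(layout[p] for p in positions)

def observer_success_rate(pin, sessions, randomized):
    """Fraction of sessions in which an observer who recovers the pressed
    positions perfectly, but cannot read the key labels, obtains the PIN."""
    hits = 0
    for _ in range(sessions):
        layout = new_layout() if randomized else FIXED_LAYOUT
        positions = touched_positions(pin, layout)
        # The terminal knows the layout, so it always recovers the PIN.
        assert decode(positions, layout) == pin
        # The observer can only assume the standard layout.
        if decode(positions, FIXED_LAYOUT) == pin:
            hits += 1
    return hits / sessions

if __name__ == "__main__":
    pin = "4071"                     # constructed sample PIN
    print("fixed keypad:     ", observer_success_rate(pin, 5000, False))
    print("randomized keypad:", observer_success_rate(pin, 5000, True))
```

The protection depends on the key labels staying out of the camera's view: if the observer can read the shuffled layout for that session, the pressed positions map straight back to the digits.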
It is worth noting that the researchers conducted the same study with 78 human participants, who only managed to get the passwords right in 7.78% of attempts, a rate considered too inefficient for people to use this tactic.
Source: BleepingComputer