Your PIN Sounds Good! Augmentation of PIN Guessing Strategies via Audio Leakage

Matteo Cardaioli*, Mauro Conti, Kiran Balagani, Paolo Gasti

*Corresponding author for this work

Research output: Chapter in Book/Conference proceedings/Edited volume, Conference contribution, Scientific, peer-review

2 Citations (Scopus)

Abstract

Personal Identification Numbers (PINs) are widely used as the primary authentication method for Automated Teller Machines (ATMs) and Point of Sale (PoS). ATM and PoS typically mitigate attacks including shoulder-surfing by displaying dots on their screen rather than PIN digits, and by obstructing the view of the keypad. In this paper, we explore several sources of information leakage from common ATM and PoS installations that the adversary can leverage to reduce the number of attempts necessary to guess a PIN. Specifically, we evaluate how the adversary can leverage audio feedback generated by a standard ATM keypad to infer accurate inter-keystroke timing information, and how these timings can be used to improve attacks based on the observation of the user’s typing behavior, partial PIN information, and attacks based on thermal cameras. Our results show that inter-keystroke timings can be extracted from audio feedback far more accurately than from previously explored sources (e.g., videos). In our experiments, this increase in accuracy translated to a meaningful increase in guessing performance. Further, various combinations of these sources of information allowed us to guess between 44% and 89% of the PINs within 5 attempts. Finally, we observed that based on the type of information available to the adversary, and contrary to common knowledge, uniform PIN selection is not necessarily the best strategy. We consider these results relevant and important, as they highlight a real threat to any authentication system that relies on PINs.

Original language: English
Title of host publication: Computer Security – ESORICS 2020 - 25th European Symposium on Research in Computer Security, Proceedings
Editors: Liqun Chen, Steve Schneider, Ninghui Li, Kaitai Liang
Publisher: Springer
Pages: 720-735
Number of pages: 16
ISBN (Print): 9783030589509
Publication status: Published - 2020
Externally published: Yes
Event: 25th European Symposium on Research in Computer Security, ESORICS 2020 - Guildford, United Kingdom
Duration: 14 Sept 2020 to 18 Sept 2020

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 12308 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 25th European Symposium on Research in Computer Security, ESORICS 2020
Country/Territory: United Kingdom
City: Guildford
Period: 14/09/20 to 18/09/20