Skip to main content

iPhone Cases Can Steal ATM PINs

iPhone cases can be expensive, but you could always recoup the expense by engaging in some good old-fashioned ATM fraud. By using two perfectly legal devices — an infrared detection case and a radio frequency scanner — just about anyone can steal your PIN number and use it to fill their own coffers with your cash.

The information comes from security expert Graham Cluley writing for Intego, a Seattle-based company specializing in safeguarding Apple products. The "hack" in question involves an iPhone case known as the FLIR One — Infrared Accessory, which costs $349 and is available to everyone.

MORE: Best Smartphones on the Market Now

Here's how the hack works: a malefactor with a radio frequency identification (RFID) card reader and an infrared iPhone case waits behind you at an ATM. When you scan your card, he or she picks up your information wirelessly with the RFID device. After you leave, he or she scans the PIN pad with the infrared case and replicates the sequence of buttons you pressed (heat signatures dissipate quickly, so it's easy to tell the order of buttons you pressed).

While in theory, you could do this with any infrared scanner, few are as unobtrusive as the FLIR One. Holding an iPhone in a public space is perfectly innocuous; wearing a set of IR goggles, for example, is not.

While the Intego post may make it sound like anyone's ATM code is just a simple hack away, that's not entirely true. If you press additional PIN buttons or even just hold your hand on the keypad for an extra few seconds, a malefactor has no way of telling what your code is.

In fact, just having multiple cards in your wallet is probably enough to thwart an ATM skimmer. RFID scanners only work at very close range, and cannot differentiate between various credit or ATM cards from a few feet away. A skimmer could try every card sequence and PIN until he or she strikes gold, but he or she's much more likely to get shut out of the account first.

In either case, a few enterprising crooks are likely to try this method, so feel free to carry multiple cards and keep your fingers on the PIN pad for a few extra seconds if it will put your mind at ease.

Marshall Honorof is a Staff Writer for Tom's Guide. Contact him at Follow him @marshallhonorof and on Google+. Follow us @tomsguide, on Facebook and on Google+.

Marshall Honorof

Marshall Honorof is an editor for Tom's Guide, covering gaming hardware, security and streaming video. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi.