In short, virtually all keypad entry systems – as used in various applications,
including building access control, alarm system control, electronic lock safes,
ATM input, etc. – are
susceptible to a trivial low-profile passphrase snooping scheme. This attack enables
the attacker to quickly and unobtrusively recover previously entered passphrases with
a high degree of success. This is in contrast to previously documented methods of
keypad snooping; these methods were in general either highly intrusive – required
close presence or installation of specialized hardware – or difficult to carry
out and not very reliable (e.g., examining deposited fingerprints – works in
low-use situations only, and does not reveal the ordering of digits).
So if you have a $5000-$10,000 toy, you can pull this off.
I guess that's chump change for serious thieves. Read the full
article.