International Association for Cryptologic Research (IACR)
Abstract
This paper presents a new attack on keyboards.
\smallskip
The attack consists in depositing on each keyboard key a small
ionic salt quantity ({\sl e.g.} some NaCl on key 0, some KCl on
key 1, LiCl on key 2, SrCl2​ on key 3, BaCl2​ on key 4,
CaCl2​ on key 5...). As the user enters his PIN, salts get mixed
and leave the keyboard in a state that leaks secret information.
Nicely enough, evaluating the entropy loss due to the chemical
trace turns out to be a very interesting combinatorial exercise.
\smallskip
Under the assumption that mass spectroscopic analysis can reveal with accuracy
the mixture of chemical compounds
generated by the user, we show that, for moderate-size
decimal PINs, the attack would generally disclose the PIN.
\smallskip
The attack may apply to door PIN codes, phone numbers dialed from
a hotel rooms, computer keyboards or even ATMs.
\ss
While we did not implement the chemical part of the attack, a number of mass spectrometry
specialists confirmed to the authors its feasibility