I am not sure if I am getting the question right, so bear with me. Whenever I withdraw money from ATM, I have to key in a pin. Now, different numbers have different ‘tone’ to it. Have there been any cases where an observational person could deduce the actual PIN number just by listening to what button is pressed?
If you mean the dual-tone multi-frequency (DTMF) tones, the answer is yes. These are the charaterisitc tones (actually a pair of tones, hence the name) made by the numbers (plus # and *) on a phone keypad. (There are more tone pairs than this, but these are the ones a user generates.)
However, an ATM is unlikey to use these tones, either as an aural feedback mechanism to the user, or for technical needs. It doesn’t need to use a tone encoding to transmitt the numbers to the rest of the machine from the keypad. Indeed most I have ever encounterd us the same beep for each key. Providing aural feedback for the sight impared might be a nice idea, but one would imagine that the security aspects would indeed be more critical. Also, you would need an established standard used by the sight impared.
There have been people who were quite adept at recognising the DTMF tones and thus any number sequence pressed on a phone keypad. It isn’t really that hard a skill.
Note - the dial tone is what you hear when you take a phone off the hook - it is the tone you hear that lets you know you can dial.
Well, assuming what you say is true, then it seems pretty obvious that an observant person could get your PIN by listening to you key it in. They would, of course, need to have each of the tones on the keypad, and in your PIN, either memorized or recorded for comparison. The vast majority of thieves aren’t going to go to the trouble; in most cases it would be easier to simply rob the card from you and threaten you with death or bodily harm to get your PIN.
I concur with another poster, though, that all the ATMs I’ve used, if they beep at all, issue the same beep for each keypress. Which ATM do you use that does otherwise?
I’ve never come across an ATM that uses different tones for each key either.
I assumed you were going to ask about listening in on a phone - on my telephone banking service, I have to enter my card number, expiry date and date of birth (but not PIN) using the keypad. If someone were listening in to that call, they could potentially discover this data I suppose.
I’ll double check if my ATM does use different tones.
ATMs don’t use phone keypads, so they don’t have DTMF tones.
Just because a keypad looks like a telephone, that doesn’t mean it is one…
ATMs dont usually make sounds and when they do they never give a unique tone per key. Ive used dozens of different models and have never noticed this. Some of the newer ones have headphone jacks for the blind. Perhaps those make sound, but that would be difficult to snoop.
That said, there’s research on figuring out what keys make what sound when you type on them with computer keyboards. Its unlikely that method can be used on ATMs as there are less keys and they are generally quieter, but who knows.
Just for the record, while telephone system keypads send DTMF tones thru the phone lines, the sound you hear while standing next to the system may be the same beep every time, probably a single tone that is unrelated to the ones used by the DTMF system. I have one home phone that does that, and another home phone that doesn’t.
You may have seen devices in the movies that, when fed an acoustic signal (perhaps one recorded thru a wiretap), decode the frequencies and outputs the corresponding digit, either as a display or a digital output. It is basically the same circuuit that decodes the tones at the recipient end of the phone connection anyway. Any hobbyist can buy a chip for a few cents that handles the technical details of the process.
FYI: There are sixteen pairs of tones in the original DTMF spec, a 4x4 matrix arranged in a column/row configuration. Only 12 are used in a typical phone keypad; the right-most column, sometimes labeled ABCD, is ignored.
When calling listeners, a typical radio show broadcasting live will mask the first few tones so that the number can’t be derived from the tones.
So yes, on a phone. No for reasons given above on an ATM.
There is no reason to use a DTMF tone on an ATM keypad. They just use beeps, so all the keypresses sound the same.
Way back in college, I made a DTMF analyzer for my mini project. Its pretty simple, when you take an FFT of the sound, you get 2 sharp peaks, and you can match the peaks to the number that is keyed in.
Bit of history - the 4 extra tones were used for the Autovon system, where they were used for precedence levels, as explained in that article.
There have been a few minor uses made of the 4 extra tones, but commercial telephony has largely ignored them.
And, yeah, my bank’s ATMs issue an identical beeps with each keypress to provide feedback. It’s slightly annoying.
I find the ones that don’t beep annoying - if the sun is shining on the screen it can be hard to see the asterisks appear as you type, and then you go to press enter and find that only three out of the four numbers have registered. (ATM buttons don’t usually give you much tactile feedback, and they’re often rather sticky.) With the beep, you know that it’s got your input.
Also, note the five-pointed star and “A” on that military keypad, rather than * and #. Civilian touchtone handsets included two keys for those tones, even though they had no specific use at the time of introduction. Bell Labs just figured they would eventually be useful, and actually undertook a study to determine what characters should be displayed on them. The * and “octothorpe” won.
And some Ham radio controllers made use of them, too.
There are other devices for which there is no reason to use a DTMF tone (GSM cellphones, for example), and yet those devices sometimes have them.
Never heard of it on a cash machine though, and I would have thought differential key tones on them would have already been thought of, then explicitly ruled out for exactly the kind of security reason the OP is on about.
It could be worse. On the ATM I usually use, if you press the button lightly, it beeps, but doesn’t register the digit. So sometimes when entering my four-digit PIN, I’ll get five beeps. Fortunately, this particular machine is indoors, so not subject to sun glare on the asterices.
There’s a very good reason for GSM phones to have DTMF tones: Automated phone systems (Press 1 for messages, 2 for options, 0 for an infinite cycle of operator-less frustration).
Yeah, that’s what I was considering one of the “minor uses” I referred to. Wiki observes:
There is even software that will decode the tones from a recording or direct mic input.
Understood, but what I meant (and didn’t state at all clearly above) was that many cell phones emit DTMF tones from the external speaker - as audible key press confirmation, whilst you’re keying a number in preparation to make the call.