Cracking PIN Numbers

PIN numbers are vulnerable to the same weakness as other passwords: people choose them. Many applications and phones rely on PIN numbers for locking access to devices. If a PIN is good enough to protect your bank card, then it's probably safe enough to protect your phone, right?

But phones tend to be much more lenient than banks when it comes to getting your PIN wrong. Fruit-based devices and Android devices all let you try 10 PIN codes before wiping the device. How much extra leverage does that give an attacker? What if they have access to multiple devices and bank cards?

Most common three PIN numbers

Data from a recent (2014) breach gives us some answers. The most common PIN number in this set is 0000 (5.25%), closely followed by 1234 (4.15%) and 1111 (2.89%). These three PIN numbers make up over 12% of the data. If you only had three tries (read: a bank card at an ATM), these are the numbers to try.

A recent report by McAfee values your credit card and PIN at $200. If an attacker can work out your PIN at an ATM, they don't even need to take any money from your account to profit; they can simply sell the card on to someone else.

Top 10 most common personal identification numbers

These popular PIN numbers make up 17.2% of all PINs, which is way more than the 0.1% we would expect if people were choosing random numbers. The top 10 PIN numbers include all of the expected unimaginative sequences of numbers. The single-digit runs such as 9999, 8888 and 4444 are in there. Sneaking in at number 7 is 2580, which is an obvious 4-digit pattern for a phone. This gives a good indication that many people are sharing PIN numbers between their phone and their bank card, because 2580 isn't quite so obvious on an ATM.

At number 9 we have 4321 which shows that a tiny bit of thought has gone into not choosing the most obvious PIN, but lots of people had the same idea.

An attacker trying to access a phone protected by a PIN which allows you 10 attempts would be able to unlock 17% of devices without any technical know-how by trying these numbers. If you are sharing PIN codes, then unlocking your phone would give someone quick access to your ATM card. Sharing PINs between devices is not a good idea.

Most common 20 PIN numbers

With just these 20 PINs we have covered over 20% of the population's personal identification numbers. Here we start to see some personalization of the numbers. PINs starting 19XX are clearly birth dates. The most common is 1972, which perhaps gives an indication of the demographic of people using their birthday as a PIN number. Dates drop off towards the 90's but pick up again in the 2000's. It looks like Gen Y know not to use their birthday as a PIN, but Gen X is still using their birthdays, anniversaries or children's birthdays.

A staggering 9.87% of PINs start with 19XX. Make sure that if someone steals your wallet and phone, your PIN number isn't written clearly on your driver's license.

Two other numbers that jump out here are 2468 and 9876, both of which didn't require much imagination.

Further patterns in PIN codes

Other patterns that emerge are pairs of numbers such as 1122 and 1212. In fact most PIN numbers start with 1XXX (33%) or 2XXX (15%).

Recommendations

What does this mean for protecting yourself?

Don't use a simple pattern for your PIN number.
Don't use birthdays or anniversaries.
Don't share PIN numbers between devices and ATM machines.
Use a proper random number generator to generate PIN numbers.
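
An added example (not from the original post) of the last recommendation: it draws a PIN from the operating system's CSPRNG through Python's `secrets` module and rejects the pattern families the post identifies. The function names, the exact pattern list and the reverse keypad walk `0852` are assumptions of this sketch.

```python
import secrets

# 2580 is the keypad walk the article cites; its reverse is added as an assumption.
KEYPAD_WALKS = {"2580", "0852"}


def weakness(pin: str):
    """Return why a 4-digit PIN is guessable, or None if no pattern matches."""
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        raise ValueError("expected exactly four digits")
    digits = [int(c) for c in pin]
    steps = {b - a for a, b in zip(digits, digits[1:])}
    if len(set(pin)) == 1:
        return "single repeated digit"    # 0000, 1111, 9999
    if len(steps) == 1:
        return "constant-step sequence"   # 1234, 4321, 2468, 9876
    if pin[:2] in ("19", "20"):
        return "looks like a year"        # 1972 and other birth dates
    if pin[:2] == pin[2:] or (pin[0] == pin[1] and pin[2] == pin[3]):
        return "repeated pair"            # 1212, 1122
    if pin in KEYPAD_WALKS:
        return "keypad walk"
    return None


def generate_pin() -> str:
    """Draw PINs from the OS CSPRNG until one matches none of the patterns."""
    while True:
        pin = f"{secrets.randbelow(10_000):04d}"
        if weakness(pin) is None:
            return pin


def rejected_count() -> int:
    """Number of the 10,000 possible PINs the filter removes (keyspace cost)."""
    return sum(weakness(f"{n:04d}") is not None for n in range(10_000))


if __name__ == "__main__":
    print("new PIN:", generate_pin())
    print("PINs rejected by the filter:", rejected_count())
```

The filter removes 414 of the 10,000 possible PINs, so a randomly generated PIN is still drawn from 9,586 values.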
