Researchers have recently demonstrated that concealing the PIN pass with the other hand is not a sufficient method to defend it against deep learning-based attacks.
This was demonstrated by an experiment with a special deep-learning algorithm that can guess four-digit card PINs 41% of the time.
For the experiment, the researchers collected 5,800 videos when 58 different people entered 4-digit and 5-digit PINS with a machine (Xeon E5-2670 with 128GB of RAM and three Tesla K20m with 5GB of RAM each) to run the prediction model.
Using three tires, the maximum allowed number of attempts before the card is retained, the researchers reconstructed the correct sequence for 5-digit PINS 30% of the time and reached 41% for the 4-digit PINs.
Countermeasures that should be taken to mitigate such an event include a 5-digit PIN, which seems to be more secure against such attacks, full hand coverage, which can help reduce the accuracy of the attack to 0.33, and a third measure is to offer users a virtual keypad instead of the standardized mechanical one.
For more information, read the original story in Bleeping Computer.
