Lab Notes

Remember the last time your bank mailed you your PIN number? Probably not, although if the envelope containing the PIN had been opened and resealed you may remember the occasion. Now, researchers at the University of Cambridge have shown that the bad guys can read your PIN even without opening the envelope. In addition to the low tech "hold it up to a bright light and read the text through the envelope" approach, they also scanned the sealed envelopes, and with a little Photoshop manipulation, were able to read the contents.

While this attack troubling, it is both easy to defeat and unlikely to happen in the real world. It's easy to defeat because opaque envelopes — foiled lined ought to do the trick — eliminate the ability to read the envelope's contents without breaking the seal. It's unlikely to happen because of the difficult in ferreting out PIN number mailers from the barrage of innocuous junk mail that banks typically send out (unless, of course, you go through the PIN mail at its source — the office that creates and mails the PINs, but that can be secured separately). For instance, I get a PIN mailed to me once every couple of years, while during that same period get literally hundreds of "time to refinance!" offers from banks.