Defeating Keypads with an IR Thermometer

Remember the thermal-camera attack to read heat left from fingers pressing buttons on keypads? A noncontact IR thermometer for a tenth the price may do the job as well. (The link uses a $20 one, but I suspect a nicer model would get you a window of opportunity longer than the two seconds they achieved.)

Stuff like this ought to be reason to swear off non-scrambling keypads entirely, even if there’s still another way in, like a pickable mechanical bypass cylinder.

Why bother if there’s still a hole? A smart attacker wants to find as many different ways in as possible. While the attacker prefers you get a totally wrong idea about who did it and how it happened, there’s always second best: persuading you it happened via an obvious and easy route, while the attacker still keeps a less-obvious back-back-door open.

Closing off as many holes as possible makes it much easier to narrow down where the attack came from. (It also makes the attack more costly to the attacker, always a good thing.) In the case of a pickable mechanical bypass cylinder, the attack now also leaves much more forensic evidence: picking a lock leaves scratches and marks, whereas pressing a keypad doesn’t.

Heads-up: This link is heavy in the lunatic-conservative political intro department. (No, I don’t endorse breaking into illegal immigrants’ homes to steal their money.)

“The idea is to use a Cen-Tech Non-Contact Infrared Thermometer (Harbor Freight Tools #93983) to measure the ambient keypad’s temperature, then quickly remeasure the key’s temperature after it has been pressed. This overall idea still needs a little tweaking, but it does appear to work.[…]

The key was pressed, and the key’s temperature is remeasured. It has now risen to approximately 71.7°F. This has to be done very quickly as the key will drop back to room temperature, or to within the thermometer’s error margin range, in under two seconds.”


