
This 'thermal attack' can read your password from the heat your fingertips leave behind

Oct, 10, 2022 Hi-network.com

A thermal image showing heat traces left by fingertips on a keyboard, which researchers say could be used to crack passwords.

Image: University of Glasgow

Computer security researchers say they've developed an AI-driven system that can guess computer and smartphone passwords in seconds by examining the heat signatures that fingertips leave on keyboards and screens when entering data. 

Researchers at the University of Glasgow's School of Computing Science developed the system, called ThermoSecure, to show how the falling price of thermal-imaging cameras and increasing access to machine-learning and artificial intelligence (AI) algorithms are creating new opportunities for what they describe as thermal attacks.

By using a thermal-imaging camera to look at a computer keyboard, smartphone screen or ATM keypad, it's possible to take a picture that reveals the recent heat signature from fingers touching the device.


The brighter the area appears in the thermal image, the more recently it was touched, meaning that the image could be used to crack a password or PIN code by analyzing where the keyboard or screen was touched, and when.

Earlier research by the University of Glasgow into thermal attacks has suggested that humans without expertise can guess passwords by looking at thermal images, and now, by adding artificial intelligence, passwords could be cracked even faster by specialist attackers.


Using ThermoSecure to analyse images using AI, 86% of passwords were revealed when thermal images were taken within 20 seconds, 76% could be guessed using images within 30 seconds, and 62% could be discovered after 60 seconds. 

The longer the password, the more difficult it was to reveal, but it still proved possible in the majority of cases. ThermoSecure could crack two-thirds of passwords of up to 16 characters and, the shorter the password, the more success the system had: 12-character passwords were guessed up to 82% of the time and eight-character passwords were guessed up to 93% of the time.

Passwords made up of six characters or fewer were successfully cracked 100% of the time, something that could make ATM PIN codes or shorter codes that are used to protect smartphones particularly vulnerable to attacks.

By using this clever technique, a malicious attacker observing potential victims could take a thermal photo of a keyboard, smartphone or ATM and use that to guess passwords. In some cases, they'd also need to physically access the device themselves, but it's also possible that the target could leave their computer unattended.


There's also the possibility that an attacker could already know the username of their target's online account, or they could potentially use the thermal attack to uncover that, too.

The paper on ThermoSecure, authored by the University of Glasgow's Dr Mohamed Khamis, Dr John Williamson and Norah Alotaibi, has been released in the hope that it shows the potential risk posed by thermal imaging attacks as the technology used to power them becomes cheaper and more widely available.

"Access to thermal-imaging cameras is more affordable than ever - they can be found for less than
