Passwords alone are not enough to protect users from hacker attacks. A new study has revealed how criminals can use thermal cameras to retrieve passwords that an individual has entered into a smartphone, computer keyboard or even an ATM machine.
Researchers from the University of Glasgow have shown how heat-detecting cameras can help crack passwords within a minute of a user entering their password. They published their findings in the journal ACM Trans Transaction on Privacy and Security last month.
In the study, computer scientists developed an artificial intelligence (AI) system called ThermoSecure that can retrieve recently entered passwords from a person’s fingertips. AI can analyze the thermal camera’s keyboard and screen images to correctly guess the computer password in seconds.
About 86% of passwords have been cracked. The thermal image was taken within 20 seconds of entering a secret code, then passed through their ThermoSecure system for analysis.
The scientists also found that within 20 seconds, the system was able to successfully attack even 16-character passwords, with an accuracy rate of up to 67%.
Warning: thermal cameras and AI can make it easy for hackers to crack user passwords (Image: Peta Pixel)
As the password gets shorter and shorter, the success rate increases. A 12-character password guessed it correctly 82% of the time, an 8-character password up to 93%, and a 6-character password 100% of the time.
With thermal cameras costing less than $220 and AI becoming more and more accessible, researchers warn that criminals may be taking advantage of thermal imaging exploitation to break into computers and smartphones of the user.
Dr Mohamed Khamis, who led the study with Norah Alotaibi and John Williamson, said: “Affordable models of thermal cameras are readily available for under £200 (US$220), and the camera Learning is also becoming increasingly accessible. That’s why people around the world are developing systems similar to ThermoSecure to steal passwords.”
Thermal camera attacks
Heat attacks can occur after an individual enters their password or passcode on a computer keyboard, smartphone screen, or after entering their pin code at an ATM.
The thief can then use the thermal camera to take pictures and record the heat signature of the device’s fingertips. In the images recorded by the thermal detection camera, the keys touched by the user are brighter than the rest.
The warmer the area, the more recently touched, allowing criminals to determine the order in which the keys can be used to try different combinations and possibly crack the password.
By measuring the relative strength of the warmer key areas, the researchers found, it was possible to identify the specific letters and numbers of symbols that make up a password and estimate the order in which they were used.
“It is important for computer security research to keep pace with these developments to find new ways to reduce risk, and we will continue to evolve our technology to try to stay ahead of the curve” explains Khamis one step ahead of attackers.
Dr Khamis says that longer passwords should be used whenever possible, with passwords that are harder to guess correctly. Meanwhile, the type of material the keyboard is made of can affect their ability to absorb heat, with some plastics being much more heat-retaining than others.
He adds: “Backlit keyboards also generate more heat, making heat readings more difficult, so PBT plastic backlit keyboards can be safer. Finally, users can make their devices and keyboards more secure by adopting alternative authentication methods, such as fingerprint or facial recognition, which reduce the risk of typing attacks steal passwords with thermal cameras”.
Source: Peta Pixel
Source: Vietnam Insider