Contents:
Computer security researchers have developed a thermal attack technique combining thermal imaging and AI.
It uses an AI-driven system that can guess your password by inspecting the heat signatures left by fingertips when entering data on keyboards and screens.
This could discover computer or smartphone passwords in seconds, and it is a warning about how hackers can take advantage of increased access to innovative technologies.
How Thermal Attack Works
The University of Glasgow’s School of Computing Science created ThermoSecure “to show how the falling price of thermal-imaging cameras and increasing access to machine learning and artificial intelligence (AI) algorithms are creating new opportunities for what they describe as thermal attacks”, according to ZDNet.
This type of cyberattack works by taking pictures with a thermal-imaging camera on computer keyboards, smartphone screens, or ATM keypads. This type of picture will reveal the heat signature left by the fingers touching the machine. The brighter the traces, the more recent was the password typed.
How Fast ThermoSecure Is
Previous research about thermal attacks showed that a thermal image can be used by people without any expertise to guess passwords, with the use of AI this process is even faster and more successful.
ThermoSecure was capable of revealing 86% of passwords when thermal images are taken within 20 seconds, and 76% when within 30 seconds, dropping to 62% after 60 seconds of entry.
Short passwords are the easiest to reveal. For example, six characters passwords – like ATM PIN codes -were cracked 100% of the time.
Longer passwords are more difficult, but ThermoSecure could crack 16-character passwords 67% of the time, 12-character passwords up to 82% of the time, and 8-character passwords were guessed up to 93% of the time.
Cybercriminals Could Use the Same Technology
As the technology necessary for a thermal attack becomes cheaper and accessible, cybercriminals could use this technique in their deeds.
Using a thermal photo of keyboards, ATMs, or screens, hackers could guess passwords or even usernames. It is true that in some cases they will also need physical access to a device.
“Access to thermal-imaging cameras is more affordable than ever – they can be found for less than £200 – and machine learning is becoming increasingly accessible, too. That makes it very likely that people around the world are developing systems along similar lines to ThermoSecure in order to steal passwords,” said Dr. Mohamed Khamis, reader in computer science at the University of Glasgow, who led the development of ThermoSecure, according to ZDNet.
How to Protect Your Account
All these advanced cyber techniques could be undermined by doing one simple thing – using stronger passwords.
“Longer passphrases take longer to type, which also makes it more difficult to get an accurate reading on a thermal camera, particularly if the user is a touch typist,” said Dr. Mohamad Khamis via ZDNet.
Another step is using biometric authentication – like fingerprint or facial recognition – to neutralize a thermal attack.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, YouTube, and Instagram for more cybersecurity news and topics.