"Access to thermal imaging cameras is more affordable than ever – they can be found for less than £200 – and machine learning is becoming increasingly accessible too," he said. According to the researchers, non-touch typists tend to leave their fingers on keys for longer, creating heat signatures that reside for a longer period of time.ĭr Khamis believes it is "very likely" that criminals are developing systems similar to ThermoSecure to steal passwords. The researchers reported that they could even tackle longer passwords of 16 characters with a 67% success rate within 20 seconds.Īnd there's bad news for slower "hunt-and-peck" typists who enter their passwords more slowly as they search for the right key to press. 12-symbol passwords were guessed up to 82% of the time, eight-symbol passwords were guessed on 93% of occasions, and six-symbol passwords were broken in 100% of attempts. The team then "trained an artificial intelligence model to effectively read the images and make informed guesses about the passwords from the heat signature clues using a probabilistic model."Īccording to the research, 86% of passwords were correctly revealed when thermal images were taken within 20 seconds, 76% when images were taken within 30 seconds of entry, and a still impressive 62% after 60 seconds.Īs you can probably imagine, success rates increased as passwords grew shorter. To put their system to the test, the researchers took 1,500 thermal photos from different angles of recently-used QWERTY keyboards. From there, attackers can try different combinations to crack users’ passwords. By measuring the relative intensity of the warmer areas, it is possible to determine the specific letters, numbers or symbols that make up the password and estimate the order in which they were used. The brighter an area appears in the thermal image, the more recently it was touched. In a press release announcing their findings, the experts described a possible attack scenario.Ī passerby carrying a thermal camera can take a picture of a keyboard that reveals the heat signature of where fingers have recently made contact. Boffins at the University of Glasgow, in Scotland, have developed a system which they claim demonstrates a new type of cybersecurity threat: a "thermal attack."Īccording to the researchers, the falling price of heat-detecting thermal imaging cameras and advances in machine learning have made it more feasible to guess what passwords a target may have entered on a keyboard, up to a minute after typing them.ĭr Mohamed Khamis led the development of ThermoSecure, a system that used a thermal imagine camera to identify what keys were last touched by an individual, and then guessed passwords and PINs entered on keyboards and ATM keypads.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |