Thermal imaging attacks. Experts sound the alarm

Kaspersky cybersecurity experts have conducted new research into an unusual way of stealing passwords using a thermal camera. This time, in addition to ATMs, they also focused on smartphones and computer keyboards.

Thermal imaging attacks have been on the radar of researchers for over 15 years. One of the earliest studies in this area deals with the most common real-world scenario: attacks on ATMs. It turns out, however, that smartphones and keyboards can also be vulnerable to thermal attacks.

Scientists from the University of Glasgow in Scotland have developed a system, ThermoSecure, which uses a thermal imaging camera to identify keys touched by the user of an ATM or computer. The device identified the keys used and then guessed the passwords entered on the keyboards of both computers and ATMs, even a minute after they were typed.

Criminals can hijack the ATM password

To test the system, the researchers took 1500 thermal images of recently used keyboards at different angles. The team then used an artificial intelligence model to read the images efficiently and make informed guesses about the passwords from the heat signature cues.

According to the scientists, as many as 86 percent of passwords were guessed correctly within twenty seconds of typing them. As the time between using the keyboard and taking the photo grew, the effectiveness of decoding the sequence decreased, to 76 percent after 30 seconds and 62 percent after 60 seconds.

You can, however, keep your ATM PIN from being captured this way. This is a new, important safety principle that everyone should follow. Just enter the PIN using an object that does not give off heat the way human hands do. You can use your keys (after all, most people usually have them on hand) or a larger coin. This solution is recommended for summer and spring. In autumn and winter you can use suitably thick gloves, which reduce heat transfer from your fingers.

Thermal imaging and smartphones

Researchers at Kaspersky believe that, as in the case of ATMs, the success of an attack on a smartphone depends on how quickly the thermal image is captured after a PIN or a secret combination is entered. Taking a picture is a bit more difficult in this case because, unlike an ATM, a smartphone is something people carry with them. Either way, you can imagine a case where someone in a crowd of people (e.g. on a bus) takes a photo like this.

A 2017 study cited by the experts proves that data analysis technologies have improved and that the overall success rate was higher than in the 2011 ATM experiments. Up to 89 percent of PIN codes were successfully obtained thanks to the timely use of thermal imaging.

PINs and patterns to unlock smartphones and their heat traces.
Image source: © Kaspersky

As many as 78 percent of the codes were cracked when the photo was taken 30 seconds after unlocking the phone, and 22 percent when researchers waited 60 seconds. Incidentally, pattern locks are more difficult to recognize using this method. However, there is another problem with them. In 2010, it was shown that these combinations are fairly easy to guess from fingerprints left on the screen, which stay there much longer than thermal prints.

Thermal imaging and keyboards

To really test the possibilities of thermal espionage, researchers at the University of Glasgow in Scotland tried it on alphanumeric passwords entered on a real keyboard.

Traces of heat from pressing keys on the computer keyboard.
Image source: © Kaspersky

In this study, as in the others, the reliability of password recovery after a specified time was tested: the thermal image was captured at intervals of 20, 30 and 60 seconds. There is a new variable in the form of password length, which can be arbitrary. Most importantly, the researchers applied machine learning algorithms. Algorithms trained on hundreds of keyboard images paired with known combinations showed excellent results in password recovery.

Surprisingly, in half of the cases, even a 16-character password was recoverable.

How well the password is recovered depends on the time between entering and imaging, as well as on the length of the password.
Image source: © Kaspersky

There were also some unexpected discoveries. The effectiveness of the method depends on the type of plastic, since some plastics heat up less than others. It also matters whether the keyboard is backlit. In general, any external heating of the buttons, be it from the built-in LEDs or from a processor located under the keyboard in a laptop, destroys the thermal trace. One more note: the faster a password is entered, the less likely it is to be revealed in thermal imaging.

Konrad Siwik, a journalist at dobreprogramy.pl
