New insider attack steals passwords by reading thermal energy from keyboards

After entering a password, your regular computer keyboard might appear to look the same as always, but a new approach harvesting thermal energy can illuminate the recently pressed keys, revealing that keyboard-based password entry is even less secure than previously thought.

Thermanator

Thermal image of “passw0rd” 20 seconds after entry

Computer Science Ph.D. students Tyler Kaczmarek and Ercan Ozturk from UC Irvine’s Donald Bren School of Information and Computer Sciences (ICS), working with Chancellor’s Professor of Computer Science Gene Tsudik, have exploited thermal residue from human fingertips to introduce a new insider attack — the Thermanator.

“It’s a new attack that allows someone with a mid-range thermal camera to capture keys pressed on a normal keyboard, up to one minute after the victim enters them,” describes Tsudik. “If you type your password and walk or step away, someone can learn a lot about it after-the-fact.”

Their paper, “Thermanator: Thermal Residue-Based Post Factum Attacks On Keyboard Password Entry,” outlines the rigorous two-stage user study they conducted, collecting thermal residues from 30 users entering 10 unique passwords (both weak and strong) on four popular commodity keyboards.

Source: New insider attack steals passwords by reading thermal energy from keyboards – Help Net Security

Advertisements
Categories: Uncategorized

Post navigation

Comments are closed.

Create a free website or blog at WordPress.com.

%d bloggers like this: