A team of researchers from the University of Glasgow has imagined ThermoSecure, a program that takes advantage of machine learning. The latter interprets the thermal traces left on computer keyboards to reconstruct the words entered by users.
A team of researchers from the University of Glasgow published a paper called “ThermoSecure: Investigating the effectiveness of AI-driven thermal attacks on commonly used computer keyboards”, commonly used computer keyboards). This study demonstrates that it is possible to deduce a user’s password capturing a thermal image of his keyboard a few seconds after typing.
To read – 60% of Internet users use the same password on several platforms despite the dangers
In a controlled environment, the keys retain a residual heat for 30-60 seconds after typing. A number of previous studies have shown that a non-expert audience is able to interpret the thermal fingerprints left on the keys of ATMs, the touchscreens of smartphones or even on the touchpads of laptops. Their attempts to reconstruct such a password were crowned with success between 72% to 100% of the time.
Under the right conditions, ThermoSecure guesses passwords with 76-86% efficiency
The aim of scientists from the Scottish university is to demonstrate that it is possible to perfect this empirical technique leveraging machine learning. To do this, they designed ThermoSecure, a thermal image analysis system capable of estimating the characters entered by users. They evaluated the effectiveness of their program through two user studies that generated 1500 images of keyboards.
To read – Your password must be at least 8 characters long to avoid hacking, here’s why
ThermoSecure has proven to be extremely effective. When the thermal photograph was taken within 20 seconds of using the keyboard, it was able to determine 86% of the passwords entered. The accuracy of its predictions drops sharply if the keyboard is photographed more than 30 seconds after typing, to 76%. This technique could therefore be exploited maliciously by hackers and other cybercriminals, if they have the necessary equipment to quickly take a snapshot of their victim’s keyboard.
That said, several factors cloud ThermoSecure’s predictions. The composition of the keyboard influences its heat retention. Researchers recommend PBT keyboards (rarer and therefore more expensive) rather than ABS. In addition, long, complex and quickly entered passwords are more difficult for artificial intelligence to reconstruct. Judging by the simplicity of the most popular password in France, cybercriminals still have a bright future ahead of them.
Source: University Of Glasgow