Cybersecurity researchers have detailed a new attack technique that can steal passwords thanks to a combination of thermal imaging and artificial intelligence (AI). This would also be valid to reveal the pin of a card or an email.
These researchers have developed an artificial intelligence-based system that makes it possible to guess computer and smartphone passwords in seconds by examining the thermal signatures that fingertips leave on keyboards and screens.
Called ThermoSecure, researchers at the University of Glasgow School of Computer Science have developed a system with a thermal camera and an algorithm that guesses the characters.
By using a thermal imaging camera to look at a computer keyboard, smartphone screen, or ATM keyboard, it is possible to take a photograph of the user that reveals the recent heat signature of fingers touching the device.
How to guess the password of the user in question
The brighter the area appears on the thermal image, the more recently it has been touched, meaning the image could be used to crack a user’s password or PIN code by analyzing where and when the keyboard or screen was touched.
Using ThermoSecure to analyze images using AI, 86% of passwords were revealed when thermal images were taken within 20 seconds, 76% could be guessed using images within 30 seconds, and 62% could be discovered after 60 seconds.
The longer the password, the harder it was to crack, but it was still possible in most cases: 12-character passwords were guessed up to 82% of the time, and eight-character passwords up to 93%. So in your email you have to put 12 or up.
Passwords of six characters or less were successfully cracked 100% of the time, something that could make ATM PIN codes or shorter codes used to protect smartphones especially vulnerable to attack.
Information of: computerhoy.com
