Pentesters know that you can sometimes determine a keypad password by looking at the worn down numbers on ATM like pads. And it is well known that thermal scanning of a keypad within 30 - 60 seconds before the heat dissipates will still show traces. Most traces will start dissipating after 20 seconds and gradually fade as the seconds tick on. This can be helpful in cracking say a short four letter pin. Getting more data is needed to get a more complex password.
Knowing that thermal cameras are getting cheaper some approximately $200, researchers at University of Glasgow, Scotland developed a system called ThermoSecure that uses machine learning to expand the ability to analyze and crack passwords on keyboards. The researchers took 1500 thermal images and fed them to machine learning to expand cracking.
Researchers from the University of Glasgow developed the system, called ThermoSecure, to demonstrate how falling prices of thermal imaging cameras and rising access to machine learning are creating new risks for ‘thermal attacks.’
Thermal attacks can occur after users type their passcode on a computer keyboard, smartphone screen or ATM keypad before leaving the device unguarded. A passerby equipped with a thermal camera can take a picture that reveals the heat signature of where their fingers have touched the device.
The brighter an area appears in the thermal image, the more recently it was touched. By measuring the relative intensity of the warmer areas, it is possible to determine the specific letters, numbers or symbols that make up the password and estimate the order in which they were used. From there, attackers can try different combinations to crack users’ passwords.
Previous research by Dr Mohamed Khamis, who led the development of ThermoSecure, has already demonstrated that non-experts can successfully guess passwords simply by looking carefully at thermal images taken between 30 and 60 seconds after surfaces were touched.
Read research here.
(University of Glasgow - University news - AI-driven ‘thermal attack’ system reveals passwords in seconds )