Jump to content

Thermanator Attack Steals Passwords by Reading Thermal Residue on Keyboards


Recommended Posts

A person's fingers leave thermal residue on keyboard keys that a malicious observer could record and later determine the text a user has entered on the keyboard, according to a recently published research paper by three scientists from the University of California, Irvine (UCI).


Thermanator attack


"It’s a new attack that allows someone with a mid-range thermal camera to capture keys pressed on a normal keyboard, up to one minute after the victim enters them," says UCI Computer Science Professor Gene Tsudik, one of the three researchers who worked on the paper.


"If you type your password and walk or step away, someone can learn a lot about it after-the-fact," Tsudik said.


Thermanator attack can recover passwords, PINs


The UCI team calls this attack Thermanator, and they say it can be used to recover short strings of text, may it be a verification code, a banking PIN, or password.


Attackers need to be able to place a camera with thermal recording features near a victim, and the camera must have a clear view of the keys for the Thermanator attack to work.


But when these conditions are met, an attacker, even a non-expert one, can recover a collection of keys the victim has pressed, keys which it can later assemble into possible strings to be used in a dictionary attack.


Passwords can be recovered up to 30 seconds after input


In laboratory experiments, the research team had 31 users enter passwords on four different keyboard types. UCI researchers then asked eight non-experts to derive the set of pressed keys from the recorded thermal imaging data.


The test showed that thermal data recorded up to 30 seconds after the password entry is good enough for a non-expert attacker to recover the entire set of keys pressed by a victim.


Attackers can recover partial key sets when the thermal data is recorded up to one minute after the key presses.


Researchers say that users who type using a "hunt and peck" technique of pressing one key at a time with two fingers while continually looking at the keyboard are more susceptible to having their key presses harvested by this technique.


UCI researchers: Passwords must go


One of the conclusions of this research is that over the years several academics have devised several types of attacks for recording passwords in various ways, such as through mechanical vibrations, electromagnetic emanations, and more. The research team argues that it may be time to move away from passwords as a means to secure user data and equipment.


"As formerly niche sensing devices become less and less expensive, new side-channel attacks move from 'Mission:


Impossible' towards reality," researchers said. "This is especially true considering the constantly decreasing cost and increasing availability of high-quality thermal imagers."


< Here >

Link to comment
Share on other sites

  • Replies 2
  • Views 573
  • Created
  • Last Reply
7 hours ago, tao said:

new side-channel attacks move from 'Mission:Impossible' towards reality


Surely they jest.  To believe that someone is going to type in a password and then leave immediately so someone else can take a thermal photo of their keyboard does not pass the common sense test.   And the fact that keyboards have LEDs in them and are warm enough to show up on a thermal sensor totally negates this Sci-Fi hacking article.  Test it yourself.  Borrow a thermal image device from someone, turn on your keyboard with lit keys, type in your password, and immediately take an image.  You won't be able to tell which keys were pressed since they all show heat signatures.  Even if they aren't the lighted kind, to transfer a significant enough amount of heat to show up would require a longer touch than the majority of typists would touch a key in reality.

Link to comment
Share on other sites

Wow, very interesting article :) So I will use gloves when I wrote XD jajajajaja :D 

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...