Hackers may now use thermal cameras and artificial intelligence to reveal passwords

Publisher:科技律动Latest update time:2023-04-25 Source: cnBeta Reading articles on mobile phones Scan QR code
Read articles on your mobile phone anytime, anywhere

Researchers warn that current password-based security protections could deteriorate if hijackers start using artificial intelligence-assisted thermal imaging to determine passwords shortly after they are entered. Researchers at the University of Glasgow have unveiled a method to guess recently entered passwords on keyboards and phone screens with high accuracy by imaging the heat signature of users' fingers.


The technique's success rate varies with time, materials and password length, but could worsen a recent uptick in device thefts.

2023-04-24-image-13-j.webp

Thieves have recently begun stealing and breaking into phones and other devices by watching users enter their passwords in public places. Logging in with a victim's password is a straightforward way to overcome all the security measures that companies like Apple and Google have painstakingly put in place, and once someone steals and logs into their device, there's nothing the victim can do.


However, a successful identity theft requires the perpetrator to remember the password as they see it, or to record the victim as they enter it. The researchers' new method could give thieves a wider window into deciphering passwords after someone types them in.


If a person takes a picture of the screen or keyboard with a thermal camera within a minute of entering their password, the AI ​​can reliably guess the sequence of key presses. The system, called ThermoScure, has a success rate of at least 62 percent, depending on the conditions.


Timing is of the essence, and ThermoSecure had an 86% success rate when analyzing photos taken within 20 seconds of entering a password. The success rate dropped to 76% at 30 seconds and to 62% after one minute.

2023-04-24-image-15-j_1100.webp

Longer passwords reduce the effectiveness of the system to some extent. ThermoSecure can guess a 16-character password 67 percent of the time in images taken within 20 seconds of someone entering the password. The guess rate rose to 82% for 12-character passwords, 93% for 8-character passwords, and 100% for 6-character passwords. These results make any non-alphanumeric iPhone passcode a prime target for the system, as simple passcodes for the device can be up to six numbers.


As with keyboards, other factors such as typing style and materials can also affect ThermoSecure's accuracy. From a 30-second thermal signature image, the system could guess the passwords of touch-typists 80% of the time and the passwords of predatory users 92% of the time. Meanwhile, keys made of PBT plastic reduce the success rate to 14%, while ABS plastic only reduces it to about 50%. Backlit keyboards are also safer because they generate more heat and hide thermal fingerprints.


Identity thieves already have easy and cheap access to thermal cameras. While methods to combine them with AI-driven guesswork are not yet available, this study appears to prove the theory, giving users more reason to enact strong security measures. They should avoid entering passwords where others can see them and use other authentication methods, such as biometrics, where possible.


Reference address:Hackers may now use thermal cameras and artificial intelligence to reveal passwords

Previous article:How much does it cost to hack a Starlink satellite terminal? $25
Next article:Quantum lidar acquires 3D images underwater and is expected to be used in fields such as security and defense

Latest Security Electronics Articles
Change More Related Popular Components

EEWorld
subscription
account

EEWorld
service
account

Automotive
development
circle

About Us Customer Service Contact Information Datasheet Sitemap LatestNews


Room 1530, 15th Floor, Building B, No.18 Zhongguancun Street, Haidian District, Beijing, Postal Code: 100190 China Telephone: 008610 8235 0740

Copyright © 2005-2024 EEWORLD.com.cn, Inc. All rights reserved 京ICP证060456号 京ICP备10001474号-1 电信业务审批[2006]字第258号函 京公网安备 11010802033920号