Sign In

Communications of the ACM

ACM TechNews

New Insider Attack Steals Passwords by Reading Thermal Energy From Keyboards


Thermal after-images on a standard keyboard.

A hacker with a mid-range thermal camera can identify keys pressed on a normal keyboard up to one minute after they are touched, according to a University of California, Irvine study.

Credit: helpnetsecurity.com

]A new insider attack strategy involving the measurement of thermal energy from keyboards has demonstrated the ability to expose passwords by identifying recently depressed keys, according to researchers from the University of California, Irvine (UC Irvine).

UC Irvine's Gene Tsudik warns the "Thermanator" hack enables a hacker with a mid-range thermal camera to identify keys pressed on a normal keyboard up to one minute after they are touched.

"If you type your password and walk or step away, someone can learn a lot about it after the fact," he says.

The researchers collected thermal residues from 30 users who inputted 10 unique passwords on four commodity keyboards.

The outcomes suggest whole sets of key-presses can be retrieved by non-experts up to 30 seconds after initial entry, while partial sets can be reconstructed up to 60 seconds later.

Hunt-and-peck typists were determined to be especially vulnerable.

From Help Net Security
View Full Article

 

Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA


 

No entries found