Cybercriminals use various methods to obtain passwords. Some engage in phishing by impersonating a trusted organization and sending fake emails, texts or calls to steal login credentials. Others turn to brute-force attacks that involve using trial and error to guess a user’s password. But did you know that heat can also be used to crack passwords?
Cybersecurity experts in Scotland have developed a system that uses thermal imaging and artificial intelligence (AI) to crack passwords instantly. The system, called ThermoSecure, works by analyzing the heat marks left by a person’s fingertips as they enter their password on a computer keyboard or mobile device. Since brighter areas in a heat-sensitive image indicate areas that have been touched more recently, this makes it possible to predict the order of letters, numbers and symbols used.
To make this possible, Associate Professor Dr. Mohamed Khamis and his team used machine learning and 1,500 thermal images of recently used keyboards to train an AI model to read heat signatures and examine possible combinations of passwords.
The study determined that longer passwords are more secure. ThermoSecure finds 67% of 16-character passwords within 20 seconds. The system can increase the success rate to 82%, 93%, and even 100% for 6-character passwords for short passwords.
In the study, it was determined that the success rate was 52% for keys made of ABS plastic, and only 14% for plastic keys.
The team that created ThermoSecure warns that thermal imaging password attacks may soon become more common given how thermal imaging cameras are becoming more affordable and machine learning more accessible. The team recommends using alternative authentication methods such as fingerprint or facial recognition to reduce the risk of these attacks. Dr. “Long passwords are harder to guess with ThermoSecure, so we recommend using long passwords wherever possible,” Khamis says.
53483
