JAKARTA A recent study revealed that a four-digit password to unlock a smartphone is no longer able to protect your device from hackers.
The researchers warn that heat from your fingertip can be used to solve your password, this can be done up to a minute after you type it.
Researchers from the University of Glasgow have demonstrated how hackers can use thermal cameras to re-tracing the passwords you type into smartphones, computer keyboards, or even ATMs.
In the study, researchers developed an AI system called ThermoSecure that can re-trace passwords that were recently typed from thermal images.
New research from @GlasgowCS, led by @MKhamisHCI, shows how thermal camera images of keyboards and screens can be analysed by AI to correctly guess computer passwords in seconds. ⌨️Read more ➡️ https://t.co/5NywPqSZt7 pic.twitter.com/Olourew3zf
— University of Glasgow (@UofGlasgow) October 10, 2022
About 86 percent of passwords were hacked when thermal images were taken within 20 seconds after typing a secret code and entering through their ThermoSecure system, and 76 percent when in 30 seconds. But success fell to 62 percent after 60 seconds of entry.
They also found that within 20 seconds the system managed to attack even 16 long passwords, with a truth accuracy rate of up to 67 percent. If the password gets shorter, then the success rate increases.
Even the password for twelve symbols was predicted at 82 percent, the password for eight symbols was up to 93 percent, and the password for six symbols was successful in 100 percent effort.
They say you need to think like a thief to catch a thief, said Mohamed Khamis, of the Scottish University's Faculty of Computer Sciences. We developed ThermoSecure by thinking carefully about how bad actors could exploit thermal images to break into computers and smartphones.
In an image taken by a heat detection camera, the area looks brighter if it's just being touched.
A thermal attack can occur after users type their password on a keyboard, smartphone screen, or keypad, before leaving the device unguarded.
Passing people equipped with thermal cameras can take pictures showing heat signatures from where their fingers touch the device, with the brighter an area emerges, the more the area is touched.
By measuring the relative intensity of warmer areas, researchers found, is possible to determine a specific letter, the number of symbols that form a password and estimate its use sequence.
Dr. Khamis, who led technological development with Norah Alotaibi and John Williamson, said with thermal imaging cameras more affordable than ever before and machine learning becomes more accessible, it is highly likely that people around the world are developing a similar system to ThermoSecure to steal passwords.
It is important that computer security research follows these developments to find new ways to reduce risk, and we will continue to develop our technology to try to be one step ahead of attackers, Khamis said.
The researchers, who published their findings in the journal ACM Transactions on Privacy and Security, also found out how the user type affects the heat signatures left on the keyboard, and therefore how easy it is to break passwords.
keyboard users who type slowly tend to let their fingers stay on the button longer, creating longer heat signatures than touch typing faster.
Meanwhile, types of keyboard materials made of certain materials can affect their ability to absorb heat, even some plastic materials are much more likely to maintain a heat pattern than others.
Dr. Khamis said longer passwords should be used as much as possible, and more difficult passwords to guess accurately.
"The keyboard with the background lights also produces more heat, making accurate thermal readings more challenging, so the keyboard with a backlight with PBT plastic in surprise is safer," he said.
Finally, users can help make their devices and keyboards more secure by adopting alternative authentication methods, such as fingerprints or facial recognition, which reduces many thermal attack risks, he explained.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)
