A new AI system allows cracking passwords from thermal residues

October 13, 2022
AI ThermoSecure Cracking Passwords Thermal-imaging Camera Attack Vector Digital Risk

Researchers have recently announced that they have developed an AI system called ‘ThermoSecure’ that involves thermal residues on several machines, such as computer keyboards, mobile phones, and ATM keypads, that a malicious actor could abuse to identify a person’s data, like their passwords.

ThermoSecure was developed by researchers at the University of Glasgow’s School of Computing Science. According to this development, thermal-imaging cameras and rising access to artificial intelligence (AI) open ways for malicious actors to launch thermal attacks. The heat traces left on devices are used to identify people’s entered credentials.

Through a thermal-imaging camera, anyone can trace the recent heat signature on a device based on the fingerprints that have marked them. The study explained that the brighter an area appears in the thermal image, the more recent it has been touched. Therefore, any adept person could easily analyse and trace data, like passwords or PIN codes, from the keyboard, keypad, or screen that has just been touched.

 

AI system has contributed to the findings of thermal images being a vector for cracking passwords.

 

According to the University of Glasgow researchers, the AI system has heavily contributed to the possibility of thermal attacks in which even low-skilled malicious actors could crack passwords by analysing thermal images.

Furthermore, the ThermoSecure AI system could aid anyone in analysing thermal images, with about 86% of passwords revealed when a thermal shot was taken within 20 seconds. Meanwhile, 76% of passwords could be cracked within 30 seconds, and 62% within 60 seconds.

The researchers also noted that long passwords are more difficult to guess. However, it is still proven that malicious actors can crack them through the developed AI system. It is also worth noting that ATM PIN codes, which have six characters or shorter, are more vulnerable to thermal attacks given the short length of the characters required.

The study also revealed that thermal-imaging cameras are becoming more affordable these days. Thus, malicious actors could easily get their hands on the device to execute thermal attacks against their targets.

Experts recommend that computer security researchers keep pace with these grave findings and find potential mitigation measures or develop a more advanced technology to combat them. For users, avoiding these threats could begin by establishing longer and stronger password combinations. While it is still possible, longer passwords are challenging to be cracked, even for thermal cameras to identify an accurate reading.

About the author

Leave a Reply