There is always talk in the cybersecurity area about passwords since each platform asks us to have one, and it is recommended that they be different; never use the same one in two places. But, as technology advances, so do the ways to steal passwords. That’s why experts are looking for ways to know their weaknesses. A new study wants to fight passwords’ insecurities.
Dr. Mohamed Khamis is the leader of this study
The University of Glasgow is home to this interesting studio, which could easily be straight out of a spy movie. Dr. Mohamed Khamis, together with his team made up of Norah Alotaibi and John Williamson, presents the following question: can a thermal camera and machine learning crack passwords?
According to their results and their study of the data obtained, the answer is simple: yes, they can. This generates a great weakness in both personal and business cybersecurity, since both aspects work with passwords for platforms and systems. In order to carry out this study, they developed a system called ThermoSecure that is based on two aspects: a thermographic camera and an artificial intelligence (AI) model developed specifically to read the images and decipher codes.
Artificial intelligence is taking more ground every day in many areas of life and technology. This AI uses a method known as Machine Learning, which is nothing more than a series of algorithms that allows it to study patterns in large amounts of data, and develop predictions through predictive analytics.
But what is the pattern studied by ThermoSecure? Easy: the heat footprint left by the fingers when typing on smartphones, tablets, computers, and anything with a keyboard. Hence, the use of a thermal camera. All humans leave a trace of heat in their path, especially when coming into contact with an object. This knowledge became a concern for Dr. Khamis: “They say you need to think like a thief to catch a thief. We developed ThermoSecure by thinking carefully about how malicious actors might exploit thermal images to break into computers and smartphones.”
In this study, 1500 thermal photos of QWERTY keyboards were taken from different angles, and with his AI Machine Learning, they tried to make this process as accurate as possible. Among its results, a success of about 86% can be observed, if the image was taken 20 seconds after using the keyboard. From 30 seconds to one minute, the success rate is between 62% and 50%. Another fact is that, for 20-second images, it is easy to decipher long passwords of up to 16 characters. This decreases as the duration increases.
This study aims to shed light on a great weakness: thermal fingerprints can deliver the password to a cybercriminal.
“Access to thermal imaging cameras is more affordable than ever – they can be found for less than £200 – and machine learning is becoming increasingly accessible too. That makes it very likely that people around the world are developing systems along similar lines to ThermoSecure in order to steal passwords. It’s important that computer security research keeps pace with these developments to find new ways to mitigate risk, and we will continue to develop our technology to try to stay one step ahead of attackers.”
Among the solutions are controlling the sale of thermal cameras or prohibiting those not complying with all security measures. The team also notes the material used for keyboards; the best is ABS plastic against PBT. In addition to this, users are recommended to learn to type faster and touch the keys as little as possible. The other alternative is to activate and configure simpler unlocking methods such as biometric data: “They mitigate many of the risks of a thermal attack,” emphasizes the specialist.
Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Facebook: Eagle Tech Corp
Instagram: @eagletech_corp
Twitter: @eagletechcorp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp
