AI and Residual Finger Heat Could Be a Password Cracker's Latest Tools

New research demonstrates the use of thermal camera images of keyboards and screens in concert with AI to correctly guess computer passwords faster and more accurately.

2 Min Read
AI and Residual Finger Heat Could Be a Password Cracker's Latest Tools
Alamy

Password-cracking and guessing attempts are successful enough as it is to put more than a little gray in the hair of experienced cybersecurity professionals. Now new research shows even more effective cracking attempts could be perpetrated by attackers equipped with a cheap thermal camera and some simple deep-learning models.

The AI-driven attacks were conceptualized and refined by Dr. Mohamed Khamis of the University of Glasgow School of Computing Science and his colleagues at the school, Norah Alotaibi and Dr. John Williamson, who are set to publish their results in an upcoming issue of the ACM Transactions on Privacy and Security journal.

The paper details their work to use off-the-shelf thermal cameras and a probabilistic model that utilized 1,500 thermal images they took of recently used keyboards to create a method of accurately cracking passwords — even in uncontrolled settings. Dubbed ThermoSecure, the method captures heat signatures via thermal cameras and analyzes them with the researchers' AI modeling to guess a password with 86% accuracy when the images are taken within 20 seconds of input, and 62% accuracy within 60 seconds of input.

"Even without knowing the order of the keys, it is possible to significantly reduce the search space, which means fewer attempts are required to guess a password," the researchers wrote in their paper.

Related:A New Spin on a Classic Type of Social Engineering Attack

Khamis pointed to the accessible price of thermal cameras — which can be picked up for less than $200 — as a cue for why his team wanted to explore this as a potential threat vector. As he explains, this is likely an area where the bad guys are already innovating to develop ways to leverage these tools to their advantage.

"They say you need to think like a thief to catch a thief. We developed ThermoSecure by thinking carefully about how malicious actors might exploit thermal images to break into computers and smartphones," he said. "It's important that computer security research keeps pace with these developments to find new ways to mitigate risk, and we will continue to develop our technology to try to stay one step ahead of attackers."

Continue Reading This Article on Dark Reading

Read more about:

Dark Reading

About the Authors

Dark Reading

Long one of the most widely read cyber security news sites on the Web, Dark Reading, a sister site to ITPro Today, is now the most trusted online community for security professionals like you. Dark Reading's community members include thought-leading security researchers, CISOs, and technology specialists, along with thousands of other security professionals.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like