Hackers can now use your body heat to steal your passwords

While you type your password on your laptop or computer, you are also leaving heat traces that hackers can pick up and steal your password subsequently. Hackers make use of thermal imaging camera and then they scan your computer keyboard where you have typed your password.

Researchers at the University of California, Irvine UCI found out while conducting a research that key presses can be recovered within half a minute after the first key was pressed using the off-the-shelf solutions offered by FLIR cameras which are infrared and heat detecting. After a minute has passed, thermal scans can be used to obtain partial passwords.

The researchers found out that the thermal residue evaporates over time and there is a time before which thermal energy readings can be harvested from computer or laptops to recover the recently entered information.

Thirty users who are not experts were asked to guess the passwords based on thermal imaging scans. The users were able to guess passwords within 19.5 and 31 seconds after they were initially entered. While weak passwords such as football took half a minute for non-experts to obtain, as reported by TechRepublic.

So, the researchers came to a conclusion that by using forefingers to type, a user can leave a bigger fingerprint on each key which led to more heat trace left behind. This leads to the generation of more thermal noise. This made it tough to analyze heat traces using FLIR camera. While those that have acrylic fingernails are less prone to thermal attacks as they type with fingernails and therefore they leave almost no heat trace behind.

So, the findings suggest that thermal imaging attacks are realistic. If you need to keep your passwords safe while using computers in a public environment, you must use two-factor authentication. For this attack, an attacker needs to place a camera that has thermal recording features near the computer from where he intends to steal passwords. Furthermore, the research team believes that in order to get rid of passwords to secure user information, there must be an alternative to the use of passwords.

Researchers said,

“As formerly niche sensing devices become less and less expensive, new side-channel attacks move from ‘Mission: Impossible’ towards reality. This is especially true considering the constantly decreasing cost and increasing availability of high-quality thermal imagers.”