Your passwords could be cracked using thermal cameras powered by AI


Thermal cameras, with the help of AI, can be used to detect the keys you press when inputting your password on a keyboard.

A team at the University of Glasgow looked at how AI, rather than mere visual inspection, can be used to process thermal images that pick out the traces of heat left on keycaps when a password is entered.

The researchers demonstrated the effectiveness of the system, known as ThermoSecure, using 1,500 images of keyboards with heat traces left over from typing.

ThermoSecure

In their first study, the researchers claim that "ThermoSecure successfully attacks 6-symbol, 8-symbol, 12-symbol, and 16-symbol passwords with an average accuracy of 92%, 80%, 71%, and 55% respectively, and even higher accuracy when thermal images are taken within 30 seconds."

They also said that "typing behavior significantly impacts vulnerability to thermal attacks: hunt-and-peck typists are more vulnerable than fast typists (92% vs. 83% thermal attack success)."

The second study also revealed that the material the keys are made of had a significant impact on the success of thermal attacks. A common keycap material, the copolymer plastic Acrylonitrile Butadiene Styrene (ABS), retained heat traces from key presses for longer than PBT keycaps did. This meant that attacks on ABS keycaps had an average accuracy of 52%, while those on PBT keycaps had only 14%.

When it comes to the equipment used, only a basic thermal camera is needed: the researchers noted that models costing only around $150 suffice. The AI software works via object detection based on Mask R-CNN, which maps the thermal image to the keyboard keys. Variables such as keyboard localization are taken into account before key entry and multi-press detection are factored in, and an algorithm then determines the order of the key presses.

Although it is unlikely you'll have a thermal camera trained on your device in the real world, there are a few steps you can take to secure yourself against such attacks. Firstly, as previously indicated, hunt-and-peck typists are at greater risk, so using longer passwords and typing faster where possible may help.

Also, backlit keyboards can emit more heat, which actually helps to mask the heat signatures from pressed keys. And even if you use the most secure passwords created by a password generator, along with the best password manager possible, biometric and other passwordless options will always be better, as they involve no significant key presses for a thermal attack to pick up.

Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, including speakers and headphones, having spent over a decade exploring the murky depths of audio production and PC building. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.