Home → News → New Insider Attack Steals Passwords by Reading Thermal... → Full Text

New Insider Attack Steals Passwords by Reading Thermal Energy From Keyboards

By Help Net Security

July 13, 2018

[article image]

]A new insider attack strategy involving the measurement of thermal energy from keyboards has demonstrated the ability to expose passwords by identifying recently depressed keys, according to researchers from the University of California, Irvine (UC Irvine).

UC Irvine's Gene Tsudik warns the "Thermanator" hack enables a hacker with a mid-range thermal camera to identify keys pressed on a normal keyboard up to one minute after they are touched.

"If you type your password and walk or step away, someone can learn a lot about it after the fact," he says.

The researchers collected thermal residues from 30 users who inputted 10 unique passwords on four commodity keyboards.

The outcomes suggest whole sets of key-presses can be retrieved by non-experts up to 30 seconds after initial entry, while partial sets can be reconstructed up to 60 seconds later.

Hunt-and-peck typists were determined to be especially vulnerable.

From Help Net Security
View Full Article


Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA


No entries found