]A new insider attack strategy involving the measurement of thermal energy from keyboards has demonstrated the ability to expose passwords by identifying recently depressed keys, according to researchers from the University of California, Irvine (UC Irvine).
UC Irvine's Gene Tsudik warns the "Thermanator" hack enables a hacker with a mid-range thermal camera to identify keys pressed on a normal keyboard up to one minute after they are touched.
"If you type your password and walk or step away, someone can learn a lot about it after the fact," he says.
The researchers collected thermal residues from 30 users who inputted 10 unique passwords on four commodity keyboards.
The outcomes suggest whole sets of key-presses can be retrieved by non-experts up to 30 seconds after initial entry, while partial sets can be reconstructed up to 60 seconds later.
Hunt-and-peck typists were determined to be especially vulnerable.
From Help Net Security
View Full Article
Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA