Malware News Thermanator Attack Steals Passwords by Reading Thermal Residue on Keyboards (up to one minute after input)

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Content source
https://www.bleepingcomputer.com/news/security/thermanator-attack-steals-passwords-by-reading-thermal-residue-on-keyboards/
A person's fingers leave thermal residue on keyboard keys that a malicious observer could record and later determine the text a user has entered on the keyboard, according to a recently published research paper by three scientists from the University of California, Irvine (UCI).

"It’s a new attack that allows someone with a mid-range thermal camera to capture keys pressed on a normal keyboard, up to one minute after the victim enters them," says UCI Computer Science Professor Gene Tsudik, one of the three researchers who worked on the paper.

"If you type your password and walk or step away, someone can learn a lot about it after-the-fact," Tsudik said.

Thermanator attack can recover passwords, PINs

The UCI team calls this attack Thermanator, and they say it can be used to recover short strings of text, may it be a verification code, a banking PIN, or password.

Attackers need to be able to place a camera with thermal recording features near a victim, and the camera must have a clear view of the keys for the Thermanator attack to work.

But when these conditions are met, an attacker, even a non-expert one, can recover a collection of keys the victim has pressed, keys which it can later assemble into possible strings to be used in a dictionary attack.

Passwords can be recovered up to 30 seconds after input

In laboratory experiments, the research team had 31 users enter passwords on four different keyboard types. UCI researchers then asked eight non-experts to derive the set of pressed keys from the recorded thermal imaging data.

The test showed that thermal data recorded up to 30 seconds after the password entry is good enough for a non-expert attacker to recover the entire set of keys pressed by a victim.

Attackers can recover partial key sets when the thermal data is recorded up to one minute after the key presses.

Researchers say that users who type using a "hunt and peck" technique of pressing one key at a time with two fingers while continually looking at the keyboard are more susceptible to having their key presses harvested by this technique.
Click to expand...
 
  • Like
Reactions: upnorth, vtqhtr413, stefanos and 7 others
You must log in or register to reply here.

Similar threads

CyberTech
    • Like
    • Wow
This 'thermal attack' can read your password from the heat your fingertips leave behind
Replies
2
Views
667
News Archive
HarborFront
H
Ink
    • Like
    • +Reputation
Listening to keystrokes; Acoustic attack steals data with 95% accuracy
Replies
3
Views
1,070
News Archive
cartaphilus
cartaphilus
vtqhtr413
    • Wow
    • Like
    • Thanks
Technology Microsoft Edge may have changed your saved passwords to serial key-like strings
Replies
4
Views
535
Technology News
brambedkar59
brambedkar59

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top