A paper will be published that it is possible to steal passwords with infrared cameras and AI
The development of safety measures to protect data security and hacking methods to break it is a cat-and-mouse game, and methods to steal data using
ThermoSecure: Investigating the Effectiveness of AI-Driven Thermal Attacks on Commonly Used Computer Keyboards | ACM Transactions on Privacy and Security
https://doi.org/10.1145/3563693
University of Glasgow - University news - AI-driven 'thermal attack' system reveals passwords in seconds
Thermal Cameras and Machine Learning Combine to Snoop Out Passwords | Tom's Hardware
The basic principle of 'ThermoSecure', a hacking technology based on heat and AI announced by a research team at the University of Glasgow, UK, is to shoot the keyboard with an infrared camera and guess the key input from the heat of the finger transmitted by keystroke. .
by University of Glasgow
As a result, it is possible to steal a 6-character password with an average accuracy of 92%, 80% for 8 characters, 71% for 12 characters, and 55% for 16 characters. In addition to being able to read with an average accuracy of 62% even after 1 minute from input, accuracy reached 100% under the condition of 6 characters within 20 seconds from input.
by University of Glasgow
According to the research team, a set of equipment such as an infrared camera necessary for shooting the keyboard can be procured for around $ 150 (about 20,000 yen). In terms of AI software, key inputs are detected by
Research has also devised a way to prevent ThermoSecure. The research team points out that ``users who type their index fingers while looking at the keyboard are vulnerable to heat hacking,'' and on the contrary, by quickly entering long passwords, it is difficult to guess key inputs. It is considered possible to
In addition, since ABS resin retains heat longer than PBT resin, it is possible to reduce the accuracy of guessing by selecting a keyboard made of PBT resin where finger heat is less likely to remain. In addition to using a keyboard with a backlight that generates heat, you can prevent the keyboard from being photographed with an infrared camera by not moving from the front of the keyboard for at least 1 minute after entering the ID and password. You can prevent it.
by University of Glasgow
Tom's Hardware, an IT news site that covered the research paper, said, ``Such a thermal attack boasts surprisingly high accuracy even after tens of seconds have passed since the user left the keyboard. While this is best, there are certainly many other skimming techniques out there, and your best bet against these password and PIN guessing techniques is to deploy biometrics and multi-factor authentication. , Preventing unauthorized access to the device by not leaving the laptop or smartphone unattended immediately after entering the password is also effective in stopping attacks.'
Related Posts:
