Thermal attack is a new term in an old world. The password is a private matter for each user to maintain their privacy and security, but there are some people who have devised cunning methods to reveal users’ passwords and hack their privacy; Such as simple methods such as eavesdropping or spying, and technical methods such as fake pages and viruses, or using certain tools such as “Flash Ripper” to steal passwords, until sensitive technical tools were combined with machine learning techniques to create what is known as a “heat attack”.
What is a heat attack?
Thermal attack is a process that targets keyboards, touch screens, and buttons to learn the entered passwords by the thermal effect left on them; The finger leaves a thermal imprint when it touches the screen or buttons, and this fingerprint is detected by the thermal camera, as it remains visible for 60 seconds after contact.
The researchers found that keys that were recently touched appear brighter; Which enables the identification of the sequence of numbers, letters, or even symbols that make up the password, and with this simplicity, passwords can be exposed and stolen, so what if artificial intelligence was used in this process?
Artificial intelligence and heat attack
Computer security specialists have developed a system that is able to guess the passwords of computer and smartphone users in seconds, and this technology works by analyzing the effects of heat left by fingers on keyboards and screens, and they trained an artificial intelligence model to read images effectively and make guesses about passwords in order to phish them. .
The “ThermoSecure” system is one of the most famous systems that rely on artificial intelligence to guess passwords, and access them through thermal images that were photographed in a period between 30 and 60 seconds after the finger touched the surface to be photographed.
This system was developed by a number of researchers from the University of Glasgow to demonstrate how lower prices for thermal cameras and increased access to machine learning and artificial intelligence techniques; lead to new risks.
Through studies conducted by a number of researchers, they found that ThermoSecure system was able to detect 86% of passwords when capturing thermal images within 20 seconds, 76% within 30 seconds, and reduced to 62% after 60 seconds of entering the information.
They also found that within 20 seconds, ThermoSecure was able to successfully guess 16-character long passwords, with an average of 67% of correct attempts.
The shorter the passwords, the higher the success rates; 12-character passwords were guessed 80% of the time, 8-character passwords 93% of the time, 6-character passwords were successful up to 100% of the attempts, so this method is a security threat Really must stand it.
Tools used in heat attack
The most important requirements for thermal attack thermal camera, in addition to machine learning techniques:
- The thermal camera has become easy to find and costs up to $225. It is also easy to use and does not require much experience.
- As for machine learning, it has become widely available and has wide fields; This allows many people to get involved and master it, and it allows people all over the world to develop a system similar to ThermoSecure with the goal of stealing passwords.
All of these tools need a person to use them, who carries the thermal camera, monitors the target, and shoots the keyboard or screen in order to analyze the thermal image and extract the password. This calls for caution from the people around us, who are the ones who make these tools effective.
Protection from thermal attacks
Because of the recent spread of these attacks, several teams have conducted research and studies on how these systems work and ways to protect against them.
The researchers found that users who type passwords slowly and hold their fingers on the keyboard for a long time were more likely to have their passwords guessed more accurately than those who typed their passwords quickly.
On the other hand, the material that was used to make the keyboard had a significant impact on the system’s ability to guess passwords, as ThermoSecure can accurately guess the passwords written on the ABS plastic keycaps by about 50%, with The success rate was drastically reduced to 14% when PPT keycaps were used.
Based on these studies, the best way to protect your passwords from these and any other attacks is to make the password a bit long and complex using uppercase and lowercase letters and numbers with symbols, so that it is difficult to guess in various ways.
The user can also use more secure methods by adopting alternative authentication methods such as fingerprint or facial recognition, which curbs heat attack methods and methods and enables to keep your privacy away from thieves and hackers.
The technological world is constantly evolving, and some people are using advanced and new methods in order to carry out illegal acts such as theft and espionage; This requires openness and knowledge of all new technologies and knowledge of their mechanism of action and how to protect against them in order to avoid the heat attack, and what may come after it.
