Heat, a new weapon for hackers to flush out codes and passwords

Thanks to the heat left by the fingers on the keys of a keyboard or a smartphone, an Artificial Intelligence is able to discover the codes and passwords, even the most complex, according to researchers from the University of Glasgow, Scotland .

It is in fact possible to guess the passwords entered on a computer, a smartphone and above all an ATM, by analyzing the heat residues left by the fingers of the user when he typed his password. password or its code, they concluded in a study published by the specialized press. In order to carry out this technique, researchers at the University of Glasgow have developed a system called “Thermo Secure”, an experiment through which they have demonstrated that with thermal cameras and artificial intelligence, sometimes freely available, a A clever hacker can cheaply create a system to harvest device credentials in seconds.

For this to work, the user must have entered his password or his code a little before, the case for an ATM. The hacker uses a thermal camera to take a picture of the keyboard or the screen and it is by examining these areas that it is possible to determine the keys, letters or symbols used, but also their order of entry, they explain. . According to the researchers, even a neophyte who had been told how to decipher the thermal image could manage to find the password.

The image only needs to be taken between 30 seconds and one minute after the surface was touched. But the researchers decided to go further and automate password discovery using a machine learning algorithm. To feed it, they took 1,500 thermal photos of keyboards from different angles. Keyboards had just been used to type in passwords. Using probabilities, they were able to refine their model and achieve 86% efficiency in finding passwords 20 seconds after entering them. The figure drops to 62% after one minute, and these figures correspond to sixteen-character long passwords. When they do not exceed eight characters, the rate increases to 93%.

This method, which still requires being in the immediate vicinity of the target, should not be applicable for long on certain devices with the new protection systems without a password. There remains the case of vending machines which could be the target of future hacker-thieves.

While artificial intelligence has enabled advances in health, research and industry, in the wrong hands it can also be used for criminal purposes or disinformation.

Previous Post Next Post