A group of researchers from the University of Stuttgart and LMU Munich has prepared an interesting report (PDF), which will be officially presented at the ACM CHI 2017 conference in May 2017. The researchers have created a “thermal attack” method that makes it possible to steal other people’s PIN codes, patterns and passwords using a thermal imaging camera.
The researchers explain that portable thermal cameras are becoming smaller and more accessible (for example, the CAT S60 smartphone has a built-in thermal imager). Today a portable thermal imaging camera with a sensitivity of 0.05 degrees Celsius can be purchased for $400, and this increases the risk of a completely new type of attack. The point is that after a PIN code or graphical pattern is entered on a mobile device or, for example, on the buttons of a door lock, a heat trace from the user’s hand remains and is still visible for about 30 seconds after entry.
A modern thermal imager (the researchers used a thermal imaging camera with a sensitivity of 0.04 degrees Celsius) is able to “extract” this data. The researchers propose capturing a thermal image of the traces left on the device or on the combination lock immediately after the code is entered. They then created software that converts the image to a black-and-white picture, filters out unwanted noise so that only the thermal traces remain, and analyzes the image to reconstruct the entry sequence.
Analysis of the obtained image
As a result, the software recognizes the PIN with a probability of 72% to 100%, depending on how soon after code entry the thermal image is taken. If it is taken less than 15 seconds afterwards, the success rate is 90%. The program reads graphic patterns (without overlaps) even better, with a probability of 100%. The video below demonstrates the attack in action.
The researchers write that it is possible to protect against a “thermal attack”. For example, it is sufficient to swipe a hand across the screen of the device or across the lock to destroy the remaining heat signatures. Also, during password entry, you can raise the display brightness to maximum or run a resource-intensive process on the device, which heats the device up and likewise significantly reduces the visibility of thermal traces.