If you’re typing your password on a computer keyboard, you’re leaving heat traces behind that could be picked up by hackers. By using a thermal imaging camera and scanning your computer keyboard after you typed your password, researchers at the University of California, Irvine discovered that key presses can be recovered as late as 30 seconds after the first key was pressed with off-the-shelf solutions from FLIR. The researchers published their findings on attacks by thermal imaging in a paper titled “Thermanator.”
“Although thermal residue dissipates over time, there is always a certain time window during which thermal energy readings can be harvested from input devices to recover recently entered, and potentially sensitive, information,” the researchers wrote.
This style of attack was tested on four keyboards, and researchers found that a full password can be obtained by scanning thermal residues on keyboards within 30 seconds of the first key being entered. And after one minute, partial passwords can be obtained from the thermal scans. For their experiment, researchers set the infrared heat-detecting FLIR cameras on a tripod 24 inches away from the keyboard.
FLIR makes several models of its infrared cameras that capture heat. The basic model, called the FLIR One Pro, is a $400 accessory that is available as a smartphone attachment. Some phones, like the CAT S61, also ships with the FLIR camera module embedded.
Thirty non-expert users tried to guess the password based on the infrared thermal imaging scans. When “hunt and peck” typists entered their passwords, researchers found that the participants were able to guess secure passwords between 19.5 and 31 seconds after initial entry by examining the infrared thermal scans. Weak passwords, such as “football” and “12341234” can be obtained an average of 25.5 seconds and 45.25 seconds, respectively. Conversely, for touch typists, the “12341234” password was deemed the best of the tested combination in the study, requiring non-experts 47.6 seconds on average to guess, TechRepublic reported.
UC Irvine researchers concluded that hunt and peck typists were the most susceptible to Thermantor-style. By using just their forefingers to type, they leave a larger fingerprint on each key, leaving behind more heat trace. Because touch typists rest their fingers on the row of home key on a keyboard, they generate more thermal noise, making it difficult to analyze heat traces using the FLIR camera. However, those with acrylic fingernails are more immune to Thermanator attacks, because they type with the tip of their fingernails, leaving no heat traces behind on the keycaps.
“The main takeaway of this work is three-fold: (1) using external keyboards to enter (already much-maligned) passwords is even less secure than previously recognized, (2) post factum (planned or impromptu) thermal imaging attacks are realistic, and finally (3) perhaps it is time to either stop using keyboards for password entry, or abandon passwords altogether,” researchers said.
Additionally, if you have to enter your password in a public environment, one method to keep your information secure is to use two-factor authentication.