Passwords protect your personal and financial information online. There is nothing a threat actor wants more than access to your passwords. To get your credentials, attackers will try phishing campaigns, brute force attacks, or malware. However, researchers have found it is also possible to trace fingerprint heat to crack passwords.
A team of cybersecurity experts in Scotland has created a new system that tracks password entries using thermal imaging and AI. According to the team, the AI can crack passwords instantly using this method.
The team calls the system ThermoSecure. It is able to analyze heat traces left when a person inputs a password on a computer keyboard or touchscreen. Brighter spots show up on heat-sensing images, showing where the user last touched the keyboard/screen.
Attackers could then guess passwords based on the letter, numbers, and symbols that the user has touched. While the exact password will not be known, the threat actor could then use software to narrow down potential combinations to find the correct credential.
Results
The team from the University of Glasgow and led by Dr. Mohamed Khamis used a machine-learning model to achieve the results. The AI learned using 1,500 thermal images from keyboard strokes to train.
ThermoSecure was able to crack 67% of passwords with 16 characters within 20 seconds. When the number of characters was reduced to 6 characters, the success rate w 100%. For 12 characters the hit rate was 82% and 93% for 8 characters.
Clearly, it is better to have a longer password than a shorter one. Typing style is important. Users who touch the keyboard for longer (“hunt-and-peck”) were cracked 92% of the time by ThermoSecure. Those who type faster (“touch-typists”) were cracked 80%.
Tip of the day: The Windows Sandbox gives Windows 10/11 Pro and Enterprise users a safe space to run suspicious apps without risk. In out tutorial we show you how to enable the Windows Sandbox feature.