A recently developed system called ThermoSecure, is developed by researchers from the University of Glasgow, and it is said to have the ability to detect users’ password using thermal imaging cameras and AI.
First, it uses a thermal camera to take a picture of a keyboard, number pad or smartphone. Then, by analyzing the relative heat of the different buttons, the system can determine the keys that were pressed to enter the password, and it can also determine the order in which they were pressed. Here is where the AI comes in with analyzing the image. The AI is trained with 1,500 thermal photos of recently used keyboards, and it is capable of making an informed guess about the password by applying a probabilistic model.
The shortcoming is that the success rate depends heavily on factors such as the time difference between when the password was entered and when the picture was taken. The material of the keyboard and the length of the the password also affect the success rate. The current success rate in general is 86% when thermal images are taken within 20 seconds, 76% when within 30 seconds and 62% after 60 seconds of entry.
This research is getting more and more relevant in times in which thermal sensors get more affordable and AI is evermore accessible and advanced. The question of whether or not the traditional preventions against these attacks, such as long passwords, will still stand effective as AI advances, is worth looking into in the field of cybersecurity. Alternative modes of authentication that provides other solutions, such as facial recognition or fingerprint, are probably going to face the same challenge in the near future.
Source:
Glasgow, U. o. (2022, Oct 10). AI-driven ‘thermal attack’ system reveals computer and smartphone passwords in seconds. Retrieved from Tech Xplore: https://techxplore.com/news/2022-10-ai-driven-thermal-reveals-smartphone-passwords.html
AI stealing password
16
October
2022
Interesting. So, the elders were right. Every time after entering their passwords, my parents would always mess around with the keyboard a few times. Now their behavior makes more sense.
Interesting functionality, but I don’t understand the application(s) for it I’m afraid, nor is it explained in the article. So, Zi-Xin, could you elaborate on the applications for this technology and what kind of organisations may be interested in it? I don’t see criminals walking around in a café with a thermal imaging gun trying to steal people’s passwords.
On the other hand, for facial recognition and fingerprints, I see how AI could be used to endanger security; AI learning from faces and fingerprints to compose a fake face or fingerprint that the facial recognition or fingerprint technology cannot distinguish from reality.