How to Conduct a Keyboard Attack

Friday, July 6, 2018 @ 04:07 PM gHale

Thermal image of “passw0rd” 20 seconds after entry.

A new approach harvesting thermal energy can illuminate recently pressed keys, showing keyboard-based password entry is even less secure than previously thought.

By exploiting thermal residue from human fingertips, there is a new type of insider attack called the Thermanator.

Sensors for Smarter, Safer Spans
Deep Learning Means Enhanced Detection
Surveillance Cameras can ‘Talk’ to Public
How to Protect Wireless Devices from Hackers

“It’s a new attack that allows someone with a mid-range thermal camera to capture keys pressed on a normal keyboard, up to one minute after the victim enters them,” said UC Irvine Chancellor’s Professor of Computer Science Gene Tsudik. “If you type your password and walk or step away, someone can learn a lot about it after-the-fact.”

Tsudik worked with computer science Ph.D. students Tyler Kaczmarek and Ercan Ozturk from UC Irvine’s Donald Bren School of Information and Computer Sciences (ICS) on the project.

Their paper, “Thermanator: Thermal Residue-Based Post Factum Attacks On Keyboard Password Entry,” outlines a two-stage user study they conducted, collecting thermal residues from 30 users entering 10 unique passwords (both weak and strong) on four popular commodity keyboards.

Results from the study show entire sets of key-presses can be recovered by non-expert users as late as 30 seconds after initial password entry, while partial sets can be recovered as late as one minute after entry. The study further revealed hunt-and-peck typists are particularly vulnerable.

Password “iloveyou” entered by a Hunt-and-Peck typist.

Mitigation strategies, such as swiping your hands over the keyboard after password entry or selecting characters with the mouse could help, the researchers said. Regardless, based on the study results, they conclude “Thermanator Attacks” represent a new credible threat for password-based systems.

“As formerly niche sensing devices become less and less expensive, new side-channel attacks move from ‘Mission: Impossible’ towards reality,” they said.

Leave a Reply

You must be logged in to post a comment.