Technological progress in the hacker sector is very high. For this reason, cybersecurity researchers are working to reverse engineer and discover new techniques. This is the latest they have found.
Cybersecurity researchers have detailed a new attack technique that can steal passwords thanks to thermal imaging and artificial intelligence (AI). This would also be valid to reveal the pin of a card or an email.
These researchers have developed an artificial intelligence-based system that makes it possible to guess computer and smartphone passwords in seconds by examining the thermal signatures that fingertips leave on keyboards and screens called ThermoSecure; researchers at the University of Glasgow School of Computer Science have developed a system with a thermal camera and an algorithm that guesses the characters.
Using a thermal imaging camera to look at a computer keyboard, smartphone screen, or ATM keyboard makes it possible to take a photograph of the user that reveals the recent heat signature of fingers touching the device.
How to guess the password of the user in question
The brighter the area appears on the thermal image, the more recently it has been touched, meaning the image could be used to crack a user’s password or PIN code by analyzing where and when the keyboard or screen was connected.
Using ThermoSecure to analyze images using AI, 86% of passwords were revealed when thermal photos were taken within 20 seconds, 76% could be guessed using images within 30 seconds, and 62% could be discovered after 60 seconds.
The longer the password, the harder it was to crack, but it was still possible in most cases: 12-character passwords were guessed up to 82% of the time, and eight-character passwords up to 93%. So in your email, you have to put 12 or up.
Passwords of six characters or less were successfully cracked 100% of the time, which could make ATM PIN codes or shorter codes used to protect smartphones especially vulnerable to attack.12 cybersecurity terms that are often confused and that you should know
These are the new techniques used by hackers to circumvent improvements in cybersecurity.