Your body heat can help attackers steal your password in new attack

If you’re typing your password on a computer keyboard, you’re leaving heat traces behind that could be picked up by hackers. By using a thermal imaging camera and scanning your computer keyboard after you typed your password, researchers at the University of California, Irvine discovered that key presses can be recovered as late as 30 seconds after the first key was pressed with off-the-shelf solutions from FLIR. The researchers published their findings on attacks by thermal imaging in a paper titled “Thermanator.”

“Although thermal residue dissipates over time, there is always a certain time window during which thermal energy readings can be harvested from input devices to recover recently entered, and potentially sensitive, information,” the researchers wrote.

This style of attack was tested on four keyboards, and researchers found that a full password can be obtained by scanning thermal residues on keyboards within 30 seconds of the first key being entered. And after one minute, partial passwords can be obtained from the thermal scans. For their experiment, researchers set the infrared heat-detecting FLIR cameras on a tripod 24 inches away from the keyboard.

FLIR makes several models of its infrared cameras that capture heat. The basic model, called the FLIR One Pro, is a $400 accessory that is available as a smartphone attachment. Some phones, like the CAT S61, also ship with the FLIR camera module embedded.

Thirty non-expert users tried to guess the password based on the infrared thermal imaging scans. When “hunt and peck” typists entered their passwords, researchers found that the participants were able to guess secure passwords between 19.5 and 31 seconds after initial entry by examining the infrared thermal scans. Weak passwords, such as “football” and “12341234,” can be obtained at an average of 25.5 seconds and 45.25 seconds, respectively. Conversely, for touch typists, the “12341234” password was deemed the best of the tested combinations in the study, requiring non-experts 47.6 seconds on average to guess, TechRepublic reported.

UC Irvine researchers concluded that hunt and peck typists were the most susceptible to Thermanator-style attacks. By using just their forefingers to type, they leave a larger fingerprint on each key, leaving behind more of a heat trace. Because touch typists rest their fingers on the home row of keys on a keyboard, they generate more thermal noise, making it difficult to analyze heat traces using the FLIR camera. However, those with acrylic fingernails are more immune to Thermanator attacks, because they type with the tip of their fingernails, leaving no heat traces behind on the keycaps.

“The main takeaway of this work is three-fold: (1) using external keyboards to enter (already much-maligned) passwords is even less secure than previously recognized, (2) post factum (planned or impromptu) thermal imaging attacks are realistic, and finally (3) perhaps it is time to either stop using keyboards for password entry, or abandon passwords altogether,” researchers said.

Additionally, if you have to enter your password in a public environment, one method to keep your information secure is to use two-factor authentication.
