Stealing passwords using thermal cameras and AI – Should we worry?


Is it possible to steal someone’s password using heat-detecting cameras and AI? Apparently, it is! Experts warn that criminals could use the thermal camera to crack passwords up to a minute after typing. They say that the cameras can reveal heat traces on user interfaces, such as keyboards, which can be exploited maliciously to infer sensitive input, such as passwords.

Taking advantage of a thermal image of a user interface, such as a keyboard or a touchscreen, to track heat traces and to determine the user’s sensitive input, such as passwords, PINs, or credit card numbers, is generally referred to as thermal attacks.

Thermal cameras, unlike regular cameras, can reveal information without requiring the attacker to interact with the targeted victim, be present during the authentication attempt, or plant any tool that can be linked to the attacker, potentially exposing them. Such information includes heat residues left by the user during authentication, which can be retrieved using thermal cameras.

Having acquired a thermal image of a keyboard or touchscreen after authentication, the attacker can then analyze the heat map and exploit it to uncover the entire password or pattern. Even without knowing the order of the keys, it is possible to significantly reduce the search space, which means fewer attempts are required to guess a password. Even if the order of the keys is unknown, it can significantly reduce the search space, requiring fewer attempts to guess a password.

How do thermal attacks work?

To prove this, a group of computer security researchers at the University of Glasgow’s School of Computing Science in the UK have developed an AI-driven system called ThermoSecure that uses thermal images in combination with artificial intelligence (AI) to make informed guesses of what the password could be. The system could guess your passwords from the heat you leave behind on your keyboard. The area was touched more recently if it appears brighter in the thermal image.

The researchers also used the system to guess PINs and passwords on ATM keypads, smartphone screens, and computer keyboards. Their findings are astounding: 86% of passwords were revealed when thermal images were taken within 20 seconds, 76% when images were taken within 30 seconds, and 62% when images were taken after 60 seconds.

The researchers were able to decrypt two-thirds of passwords up to 16 characters using ThermoSecure. Shorter ones made it even simpler; 12-character passwords could be guessed up to 82% of the time, and eight-character passwords up to 93%. Six characters or fewer passwords were successfully guessed 100% of the time.

According to the researchers, ThermoSecure integrates deep learning to –

  1. determine the placement of keyboards in thermal images using Mask RCNNs
  2. determine which keys were pressed on the keyboard, including accurate detection of keys that were pressed multiple times using K-mean clustering
  3. distinguish which keys were part of a username and which were part of a password entry, and
  4. determine the order in which the keys were pressed to produce a list of the most likely user input using probability functions.

The researchers trained and evaluated the models using a dataset of 1500 thermal images taken in realistic conditions and made publicly available.

The demonstration is a clear warning that short passwords and PINs, such as the ones we use to access our bank accounts at an ATM, are particularly vulnerable. Since access to thermal–imaging cameras are becoming more affordable than ever because they can be found for less than ($220), and increasing access to machine learning and artificial intelligence (AI) algorithms, tools like this will soon become a big challenge, creating new opportunities for cybercriminals to unleash thermal attacks, the researchers warned.

Since higher accuracy under different contexts can be achieved by leveraging deep learning techniques, it is more likely that attackers will employ it to improve their thermal attacks. Thus, there is a need to understand how successful thermal attacks can be if attackers employ more advanced methods for analyzing thermal images and how users’ behavior and input properties impact the success of thermal attacks.

How to overcome thermal attacks

Now, how do we make passwords more secure against thermal attacks? Various factors explain why thermal attacks are more successful in some cases but may fail in others. These factors can be classified into two types:

  • factors related to the input, such as the password length,
  • user typing behavior, and
  • factors related to the interface, such as the material out of which the keycaps are made and their thermal conductivity, which in turn impact how fast heat traces decay of the keys.

These factors can influence the feasibility of thermal attacks. The password length has a significant main effect on the accuracy of the guessed password. In particular, short and medium passwords are particularly vulnerable to thermal attacks (up to 100% attack success). Longer passwords are more secure against thermal attacks. Users’ typing behavior also significantly impacts the quality of information obtained from the thermal traces. As a result, typing behaviors make the users more vulnerable to thermal attacks. The heat traces can be easily distorted if the users enter random input after entering their passwords.