Researchers at a university in the US have discovered that hackers can detect passwords based on the heat left by fingerprints on keyboards, according to a media report.
The report in Bleeping Computer said that researchers at University of California, Irvine found that hackers can use this technique, labelled “Thermanator”, to gain access to text, codes or even banking pins.
To execute the strike, the hacker places a thermal camera covering the victim’s keyboard. The footage is then used to detect which keys were pressed while typing in sensitive data.
After a set of keys have been identified by heat prints, they can be grouped together by the combination algorithm to arrive at the exact password match.
As part of trials, the university had 31 participants enter passwords on different keyboards, which were then asked to be identified by eight non-experts using thermal camera footage.
It was observed that the thermal data recorded within half a minute of entering the passwords was clear enough for the laypersons to decipher the passwords.
The researchers concluded that the thermal residue evaporates after a while and thus the attack takes a place within a window during which thermal prints can be harvested from computers and laptops to recover crucial information.
The researchers believe that this revelation will lead to a move away from passwords to more secure encryption methods.
“As formerly niche sensing devices become less and less expensive, new side-channel attacks move from ‘Mission: Impossible’ towards reality,” a researcher from the university was quoted as saying. “This is especially true considering the constantly decreasing cost and increasing availability of high-quality thermal imagers.”