New research coming out of the University of Glasgow has revealed that hackers could use body heat to crack your passwords.
While the risk of a "thermal attack" is slim, researchers have warned that it is getting cheaper and easier to access thermal imaging cameras. Using these cameras, alongside an A.I. algorithm, the Glasgow researchers found ways to uncover passwords based on the keys that participants typed into a keyboard.
The concerning tech was able to accurately guess passwords for up to a minute after they were typed into the keyboard. Speaking on the research, Dr Khamis, of the University of Glasgow’s School of Computing Science, said: “They say you need to think like a thief to catch a thief.
"We developed ThermoSecure by thinking carefully about how malicious actors might exploit thermal images to break into computers and smartphones."
As reported by the Daily Star, around 86% of passwords were cracked when thermal images were taken of the keyboard around 20 seconds after someone typed their password in.
Within 30 seconds, 76% of passwords were cracked and while the success rate dropped to 62% after 60 seconds it could still track passwords using heat.
What is a thermal attack on passwords?
Thermal attacks may occur after people type their passwords on a keyboard or their smartphone screen, leaving their device unprotected against heat-detecting systems.
Any passers-by equipped with a thermal camera can take a picture of your device and trace the heat signature of where fingers have touched the device, with areas appearing brighter the more recently it has been touched.
By measuring the intensity of the warmer areas, researchers found that people can even find out specific letters or symbols that make up a password and use it themselves to hack into your device.
The University of Glasgow researchers warned that with thermal cameras becoming more affordable "it's very likely that people around the world are developing systems in order to steal passwords."
How to prevent criminals from accessing our passwords
If your passwords are shorter, it's much easier for people to use thermal attacks to hack into your device.
According to research, six-symbol passwords were guessed correctly in 100% of attempts, while eight-symbol ones had success rates of 93% and twelve-symbol passwords were guessed right up to 82% of the time.
So, longer passwords of at least 16 characters are recommended wherever possible.
Your typing speed is also important as those who type slowly tend to leave their fingers on the keys for longer, creating heat signatures which last longer than faster touch-typists.
Users can make their devices more secure by adopting alternative authentication methods like facial recognition, multi-factor authentication or biometrics to mitigate risks of thermal attack.
Don't miss the latest news from around Scotland and beyond - Sign up to our daily newsletter here.
