Alongside a plethora of previously established ways to invade computer systems whose protection is already highly questionable, IT whizz-kids found another trick for breaking our passwords and entering our inboxes, the one that is different from everything we’ve seen so far.
According to the researchers from the University of California, there is very little we can do about this, for it is our own body heat that gives our personal information away. Namely, when someone inputs a sensitive piece of information (like a password), the track of our body temperature remains on the keyboard for the hack prodigies to collect and get information from.
The password-snatching technique, wittily called “Thermanator”, uses a thermal imaging camera to inspect the keyboard right after the typing of the sensitive data. As Digital Trends recounted, they came to an astonishing conclusion that the treasured information can be recovered within 30 seconds after typing the first character. After this shocking development, we have to ask ourselves how safe any data we store in our computers really are.
Critical 30-Second Time Frame
At least being so kind as to warn us by issuing their findings in a bulletin named “Thermanator”, the researchers pointed out that, even though the heat traces disperse soon after, there is always a certain critical time frame during which the aforementioned information can be exposed by analyzing the typing patterns through body heat.
After thirty-one participants have used four keyboards to test the technique, it has been decided that when scanning takes place 30 seconds after typing, it takes only a minute to recover partial passwords. The tests were carried out using the special infrared devices whose sensors detect body heat – they were set on a tripod about 60 cm from the keyboard which was being scanned. The results were, to say the least, astounding.
Results And Consequences
Thirty unrelated participants were brought in to check the results by trying to assume the passwords using the scan data. To say that their success rate is disturbing would be an understatement, since the people who had nothing to do with hacking were able to guess passwords quite quickly – the weakest ones were cracked in approximately twenty-five seconds, whereas a bit stronger ones were deciphered in about forty-five, which means that an average layman could find out confidential data in no time using this method – if you let that fact sink in, it is pretty discouraging. This research ultimately led to three conclusions.
First of all, it is evident that external keyboards can be even more harmful than it was previously thought, which says a lot, having in mind they had a very bad reputation, to begin with.
Second of all, we have to be aware that these attacks are the fact of the matter, a part of our reality, which is going to become increasingly common. The final notion is simultaneously a warning that this kind of attack can provide access to codes, pins, and texts – the fact which should make us think about either abandoning keyboards as input devices, or forsaking passwords in general.