Advanced technologies and artificial intelligence (AI) are constantly advancing, potentially making it easier for hackers to gain access to your passwords. Thermal cameras, aided by AI, could be used to detect the individual keys you press when entering the password into a computer or other device.
In a recent study conducted by a team at the University of Glasgow, they studied how this AI, as opposed to simply visually inspecting the data, can be used to accurately process thermal images showing left-over traces of heat from when key presses were made on keyboards. After testing the system named ThermoSecure on 1,500 photos of keyboards, their results showed that keyboard typists were more vulnerable to thermal attacks.
When inputting their passwords, users will require a thermal camera – the most basic of which start around $150 – and relevant AI software. This software works with object detection based on the Mask RCNN, mapping the thermal image to the keyboard, taking into consideration variables like keyboard localization and the order of the key presses.
The specific material that each key is made up of was found to have a drastic impact on the reliability of the thermal attack. The commonly used copolymer plastic, Acrylonitrile Butadiene Styrene (ABS), resulted in more durable heat traces when a key was pressed. Consequently, attacks on ABS keys had an average accuracy rate of 52%, whilst those taken from keys made with PBT had an average accuracy of only 14%.
In light of these findings, it is important for users to consider steps to protect themselves from such cyber-attacks. With that in mind, passwords should be of greater length, and typing speed should be increased from a hunt-and-peck style of typing. Other solutions include keyboards with backlit keys, as the added heat can help to mask the traces left behind by the keys when pressed.
Ultimately, the most secure route available is to opt out of passwords entirely and move towards a passwordless, biometric system. Even with complex passwords, generated through password generator tools and stored with a quality password manager, passwordless options can provide a greater degree of security.