Hackers stealing login details and cracking passwords have become a grave threat to citizens around the world. Now researchers have added one more tool that can simplify the process. The tool is rather simple and scarily effective even in its early stages of development. But users can still safeguard themselves from these and other tools that try to steal credentials.

Cybersecurity experts in Scotland have managed to turn a simple tool into a password-cracking machine. When combined with the power of AI (Artificial Intelligence) and ML (Machine Learning), the platform is able to guess passwords with alarming accuracy.

Simple Thermal Scans And AI Can Confidently Guess Passwords

Researchers at the University of Glasgow have developed ThermoSecure. They claim the platform accepts thermal imaging scans and analyzes them to compromise security. The platform can help break into computers and smartphones. The recently completed study has been published in the peer-reviewed journal ACM Transactions on Privacy and Security.

ThermoSecure is basically a combination of two individual technologies. When combined, they can be used for nefarious purposes, suggested Mohamed Khamis, an associate professor of computing science at the University of Glasgow.

"They say you need to think like a thief to catch a thief. We developed ThermoSecure by thinking carefully about how malicious actors might exploit thermal images to break into computers and smartphones."

The ThermoSecure platform observes the traces of heat left by a person's fingertips when they enter their password on a keyboard or mobile device. Thermal scans reveal which areas have been touched, based on the heat transferred from the user's fingertips to the device. Brighter areas in the scan reveal locations that were touched more recently. This makes it possible to guess the specific letters, numbers, and symbols that were used.

The team behind ThermoSecure then fed an AI engine 1,500 thermal images of recently used QWERTY keyboards. Machine Learning allowed the AI algorithm to accept, read, understand, and process the thermal scans. The tool is now ready to observe the patterns and make "informed guesses" about potential passwords.

Passwords, Hardware, And User Habits To Stay Safe

The ThermoSecure platform is alarmingly accurate. Researchers claim that, under lab conditions, the platform was able to correctly guess 86% of passwords. The accuracy varied with the time that elapsed between the password being entered and the thermal scan being recorded. When the team obtained the scan 60 seconds after a user entered a password, the accuracy fell to 62%.

As expected, the AI algorithm struggled with longer passwords. Choosing a longer password is therefore the simplest but most effective method to secure an account. Lengthy and complex passwords are much harder to crack than commonly used or simple passwords. Using symbols and special characters makes the password even more complex. This makes cracking the password harder, if not impossible.

The researchers also offered an interesting insight that could help smartphone users protect their devices. It is obvious that smartphone users must never hand over their devices to other people. But users must also develop the habit of entering their unlock codes quickly.

Even device manufacturers can help to defeat hackers who might use thermal scans for hacking. The ThermoSecure platform struggled with devices made from PBT (Polybutylene terephthalate) plastics but had better success with devices made from ABS (Acrylonitrile Butadiene Styrene) plastics. Interestingly, laptops with backlit keyboards are more secure than others because the backlighting produces heat, obscuring thermal scans.

Access to thermal scanners is no longer difficult or expensive. Moreover, CPUs and GPUs, which were once reserved for businesses performing complex functions, are now in the hands of consumers. In simple words, hackers have relatively easy access to powerful hardware and sophisticated software tools. Hence it is strongly advised to stay alert for any suspicious activity, and to use only trusted hardware, software, and services.

