Casa > cibernético Notícias > Thermanator Attack Uses Thermal Residue from Keyboards to Steal Your Passwords

Thermanator Ataque Usa Resíduos térmica a partir de teclados para roubar suas senhas

Um novo tipo de ataque poderia permitir que um ator malicioso com uma câmera térmica de gama média a teclas de captura pressionada em um teclado padrão. A descoberta foi feita por três professores da Universidade da Califórnia. Em outras palavras, our fingers’ thermal residue on keyboard keys can be recorded by a hacker who can later use it to reveal the user’s passwords or any other text he/she has typed.

Story relacionado: Lip Passwords – The New Trend in Biometric Security

The Thermanator Attack Explained

If you type your password and walk or step away, someone can learn a lot about it after-the-fact,” said Professor Gene Tsudik of the academic team.

The attack has been called Thermanator and it can be used to retrieve sensitive user information such as passwords and PINs, as well as short strings of text. The Thermanator attack requires several conditions to be met in order to function properly. Primeiro, attackers need to place a specialized camera with thermal recording capabilities near the victim. The camera should also be able to capture the keys of the victim’s keyboard, otherwise it won’t work.

According to the researchers’ explanation of the Thermanator attack (Vejo papel), it is a distinct type of insider attack, where a typical attack scenario proceeds in the following steps:

DEGRAU 1:The victim uses a keyboard to enter a genuine password, as part of the log-in (or session unlock) procedimento.
DEGRAU 2:Shortly thereafter, the victim either: (1) willingly steps away, ou (2) gets drawn away, from the workplace.
DEGRAU 3:Using thermal imaging (v.g., photos taken by a commodity FLIR camera) the adversary harvests thermal residues from the keyboard.
DEGRAU 4:At a later time, the adversary uses the “heat map” of the images to determine recently pressed keys. This can be done manually (i.e., via visual inspection) ou automaticamente (i.e.,
via specialized software).

With these requirements being met, the attacker becomes able to uncover keys pressed by the victim even without special hacking knowledge. The captured keys can be assembled into possible strings and can be deployed in a dictionary attack. A dictionary attack is a popular technique for deciphering ciphers and authentication mechanisms by attempting to determine the decryption key or passphrase. This is done by using hundreds or even millions of likely possibilities.

The researchers carried out several experiments where they had 31 users enter passwords on four different keyboard models. Então, eight non-experts in hacking were asked to obtain the set of pressed keys using the recorded data from the thermal camera. The results of these tests revealed that thermal data recorded up to 30 seconds after the text entry is sufficient for an unprofessional attacker to recover entire set of keys the targeted user has pressed.

If you are the type of user who presses one key at a time using only two fingers are more susceptible to the Thermanator attack.

Story relacionado: Tracking Scripts Exploit Browsers’ Built-In Password Managers

Is there any conclusion to the researchers’ Thermanator discovery?

pouco colocá, the research “exposes the vulnerability of standard password-based systems to adversarial collection of thermal emanations”. Based on the results of the study, the researchers believe that these attacks “represent a new credible threat for password-based systems”, suggesting that it may be time to re-evaluate the use of passwords.

Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerente de conteúdo que está com SensorsTechForum desde o início do projeto. Um profissional com 10+ anos de experiência na criação de conteúdo envolvente. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

Compartilhar no Facebook Compartilhar
Compartilhar no Twitter chilrear
Compartilhar no Google Plus Compartilhar
Partilhar no Linkedin Compartilhar
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Partilhar no StumbleUpon Compartilhar