Researchers from the University of Glasgow (UK) have demonstrated a method by which hackers can gain access to a password entered on a smartphone screen, computer keyboard or even an ATM. Scientists have developed an artificial intelligence system called ThermoSecure that can recover recently entered passwords from thermal images. Theoretically, a hacker with a thermal imaging camera near the user could take a photo of the surface where the password was entered and recover it. Recently touched areas look brighter in such a picture. The researchers found that by measuring the relative density of warmer regions, it was possible to determine certain letters, the number of characters that make up a password, and the order in which they were entered.

According to one study, the ThermoSecure system was able to recover approximately 86% of passwords entered 20 seconds ago. The share of successfully cracked passwords entered 30 seconds ago was 76%. A minute later, the number of successful hacks dropped to 62%. Also, the number of characters in the password affected the success of the attempts: within 20 seconds, the system can successfully attack even long 16-character passwords – scientists got 67% of correct attempts. Success rates increased as passwords got shorter: ThermoSecure guessed 82% of 12-character passwords, 93% of 8-character passwords and 100% of 6-character passwords.

Leading the development of ThermoSecure technology, Dr. Mohamed Khamis noted that thermal imaging cameras are more affordable than ever, and machine learning is also becoming more accessible. Therefore, people around the world are likely to develop systems similar to ThermoSecure to steal passwords. Therefore, scientists from the University of Glasgow will continue to refine their technology to try to stay one step ahead of the attackers. Dr Khamis also said that longer passwords that are difficult to guess should be used, and alternative authentication methods such as fingerprint or face recognition should be used. Source