Friday, November 1, 2024
HomeComputer SecurityThermanator Attack - Attackers can Steal Password and PINs Typed on Keyboards...

Thermanator Attack – Attackers can Steal Password and PINs Typed on Keyboards by Reading Thermal Residue

Published on

Malware protection

Thermanator attack based on the heat transfer that caused by the user while entering input data, such as typing a password on the keyboard.

We leave Thermal residue on various objects that include common input devices such as the keyboard, which we use to enter sensitive details.

Three researchers from the University of California published a paper describing their study on how the thermal residues collected from users who entered both weak and strong password can be recovered as late as 1 minute after entry.

- Advertisement - SIEM as a Service

If you are Hunt-and-peck typist then it is more dangerous, it is a method where the user searches for the key location in keyboard and pressing each key only with their index fingers.

Researchers conducted an experiment with “30 users entering 10 unique passwords (both weak and strong) on 4 popular commodity keyboards. Results show that entire sets of key-presses can be recovered by non-expert users.”

Attack Scenario – Thermanator attack

Thermanator attack is an insider attack, where an attacker needs to have a physical attack to the keyboard to collect thermal residues.

1. Victim enter’s a genuine password to log-in.
2. The victim may step away from the workplace.
3. An attacker using thermal imaging camera can harvest information from the keyboard.
4. By using the heatmap of the image, attackers can locate the keystrokes typed.

Thermanator attack

Researchers say Hunt-and-Peck Typists are highly vulnerable, they result in greater
heat transfer, due to longer contact duration with a larger contact area. For Touch typists, two factors confuse their thermal residues and make passwords harder to harvest.

Mitigation Against Thermanator attack

1. Users to swipe their hands along the keyboard after password entry.
2. On-screen keyboard.
3. Users could wear insulating gloves or rubber thimblettes over their fingers during password entry.

Researchers concluded that “Work described in this paper sheds some light on understanding the thermodynamic relationship between human fingers and external computer keyboards. In particular, it exposes the vulnerability of standard password-based systems to an adversarial collection of thermal emanations.”

More technical details can be found in the paper “Thermanator: Thermal Residue-Based Post Factum Attacks On Keyboard Password Entry” published by researchers.

Also Read

Secure Cloud Migration Guide – Technical and Business Considerations

Best Ways to Protect Data From Cyber Attack & Recover Your Deleted Data in Your Personal Computer

What is DNS Attack and How Does it Work?

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

10 Best Linux Distributions In 2024

The Linux Distros is generally acknowledged as the third of the holy triplet of...

Digital Wallets Bypassed To Allow Purchase With Stolen Cards

Digital wallets enable users to securely store their financial information on smart devices and...

Top 10 Best Penetration Testing Companies & Services in 2024

Penetration Testing Companies are pillars of information security; nothing is more important than ensuring...