DOI: 10.1145/3321705.3329846
short-paper
Open access

Thermanator: Thermal Residue-Based Post Factum Attacks on Keyboard Data Entry

Published: 02 July 2019

Abstract

Being warm-blooded mammals, we humans routinely leave thermal residues on various objects with which we come in contact. This includes common input devices, such as keyboards, that are used for entering (among other things) secret information, such as passwords and PINs. Although thermal residue dissipates over time, there is always a certain time window during which thermal energy readings can be harvested from input devices to recover recently entered, and potentially sensitive, information. To date, there has been no systematic investigation of thermal profiles of keyboards, and thus no efforts have been made to secure them. This serves as our main motivation for constructing a means for password harvesting from keyboard thermal emanations. Specifically, we introduce Thermanator, a new post factum insider attack based on heat transfer caused by a user typing a password on a typical external keyboard. We conduct and describe a user study that collected thermal residues from 30 users entering 10 unique passwords (both weak and strong) on 4 popular commodity keyboards. Results show that entire sets of key-presses can be recovered by non-expert users as late as 30 seconds after initial password entry, while partial sets can be recovered as late as 1 minute after entry. Furthermore, we find that Hunt-and-Peck typists are particularly vulnerable. The take-away of our work is three-fold: (1) using keyboards to enter passwords is even less secure than previously recognized, (2) post factum (either planned or impromptu) thermal imaging attacks are realistic, and (3) we should either stop using keyboards for password entry, or abandon passwords altogether.

Published In

Asia CCS '19: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security
July 2019
708 pages
ISBN: 9781450367523
DOI: 10.1145/3321705
© 2019 Association for Computing Machinery. ACM acknowledges that this contribution was authored or co-authored by an employee, contractor or affiliate of the United States government. As such, the United States Government retains a nonexclusive, royalty-free right to publish or reproduce this article, or to allow others to do so, for Government purposes only.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. lunchtime attack
  2. side-channel
  3. thermal images

Qualifiers

  • Short-paper

Conference

Asia CCS '19
Acceptance Rates

Overall Acceptance Rate 418 of 2,322 submissions, 18%
