Hackers are cracking passwords using body heat

As cyber security improves, hackers are using ever more sophisticated techniques in an attempt to break into your devices. 

Experts are now warning that would-be hackers could start using heat-detecting cameras to track passwords seconds after they've been typed by following the heat from our fingers.

Researchers from the University of Glasgow used artificial intelligence to find that around 86 percent of passwords could be cracked using thermal images taken around 20 seconds after someone typed it. 

After 30 seconds, this dropped to 76 percent of passwords, and within a minute it fell to 62 percent. 

Wavebreakmedia Ltd UC18 / Alamy Stock Photo

Hackers using thermal imagery would be able to spot the brighter areas that appear on an image – the brighter the area, the more recently it was touched. 

It's then possible to measure the intensity of the warmer areas to determine the specific letters, numbers or symbols that make up the password, work out in which order they were used and, ultimately, accurately guess your password. 

The study’s authors warned that, as thermal imaging technology becomes cheaper, hackers could turn to such methods to hack phones or computers. 

Mohamed Khamis from the University of Glasgow team said: "They say you need to think like a thief to catch a thief. We developed ThermoSecure by thinking carefully about how malicious actors might exploit thermal images to break into computers and smartphones.

creativep / Alamy Stock Photo

“Access to thermal imaging cameras is more affordable than ever – they can be found for less than £200 – and machine learning is becoming increasingly accessible too. That makes it very likely that people around the world are developing systems along similar lines to ThermoSecure in order to steal passwords. 

“It’s important that computer security research keeps pace with these developments to find new ways to mitigate risk, and we will continue to develop our technology to try to stay one step ahead of attackers.” 

If you want to stay safe, the research suggested longer passwords are more difficult to crack. 

Jan Miks / Alamy Stock Photo

The study found that six-character passwords were correctly cracked 100 percent of the time, compared to 82 percent of the time for a 12-character password, and 67 percent for a 16-character password. 

The authors also revealed that backlit keyboards provide more heat and, again, make reading the thermal image more difficult. 

And, if you want to be extra secure, you could ditch entering a password manually altogether. 

Khamis went on: “Users can help make their devices and keyboards more secure by adopting alternative authentication methods, like fingerprint or facial recognition, which mitigate many of the risks of thermal attack.”

If you have a story you want to tell, send it to UNILAD via [email protected]