Freezing Out Risk: Expert Advice to Safeguard Against Thermal Attacks

Computer Security Experts Offer Advice to Freeze Out Risk of Thermal Attacks

Introduction

In a recent study conducted by computer security experts from the University of Glasgow, researchers have developed a comprehensive set of recommendations to defend against thermal attacks, a method used by hackers to steal personal information. Thermal attacks rely on heat-sensitive cameras to read the traces of fingerprints left on surfaces such as smartphone screens, computer keyboards, and PIN pads. By analyzing the relative intensity of heat traces on these surfaces, hackers can reconstruct users’ passwords. With the increasing availability and affordability of thermal cameras, it is crucial for individuals and manufacturers to take steps to mitigate the risks associated with thermal attacks.

The Threat of Thermal Attacks

The research team, led by Dr. Mohamed Khamis, first demonstrated the ease with which thermal images could be used to crack passwords through their system, ThermoSecure, which utilized AI to scan heat-trace images and guess passwords within seconds. Building upon their initial findings, the team conducted a comprehensive review of existing computer security strategies and surveyed users’ preferences on how thermal attacks can be prevented at public payment devices such as ATMs and transport ticket dispensers.

Identifying Security Measures

The team identified 15 different approaches described in previous papers on computer security that could reduce the risk of thermal attacks. These approaches included both user-focused and hardware/software-based solutions. User-focused strategies involved actions such as wearing gloves or rubber thimbles to reduce the transfer of heat from hands and changing the temperature of hands by touching something cold before typing. Additionally, users could employ techniques such as pressing hands against surfaces or breathing on them to obscure their fingerprint heat once they finish typing.

Hardware and Software Solutions

To enhance security at public surfaces, the researchers suggested a range of hardware and software solutions. For example, a heating element behind surfaces could erase traces of finger heat, or surfaces could be made from materials that dissipate heat more rapidly. Introducing a physical shield that covers keys until heat has dissipated could further increase security. Alternatively, eye-tracking inputs or biometric security methods could reduce the risk of successful thermal attacks.

User Preferences and Recommendations

To gauge users’ preferences regarding these security measures, the team conducted an online survey with 306 participants. The survey aimed to determine which strategies users found most appealing and whether they had any additional security measures in mind when using public devices. The responses revealed that users commonly suggested waiting to use an ATM until their surroundings seemed safest and favored familiar strategies like two-factor authentication due to their perceived effectiveness. The survey also revealed concerns about hygiene and privacy, as users expressed reluctance towards strategies like breathing on devices to mask heat traces or additional security measures like face or fingerprint recognition.

Advice for Users and Device Manufacturers

Based on their research findings, the team provided recommendations for both users and device manufacturers. For users, it is advised to pay close attention to their surroundings when entering sensitive data in public, ensuring no one is watching. Users can also rest their palms on devices to obscure traces of heat or consider using gloves or finger protection. Employing multi-factor authentication whenever possible is crucial as it provides protection against various attacks, including thermal attacks. Users should also prioritize safeguarding their authentication factors.

For manufacturers of devices used in public spaces, the team suggests considering thermal attacks early in the design phase. Augmenting devices with physical screens to block surfaces briefly or using privacy-enhancing keyboards that shuffle the layout of keys after use could enhance security. For existing devices, software updates could serve as reminders to users to be aware of their surroundings and take action to prevent observation with thermal cameras. Additionally, the team recommends that thermal camera manufacturers integrate new software locks to prevent thermal cameras from taking pictures of surfaces like PIN pads on bank machines.

Conclusion

While the exact prevalence of thermal attacks on personal information remains unclear, it is crucial for computer security researchers to remain vigilant and keep pace with the risks posed by thermal cameras. The study conducted by the University of Glasgow provides valuable insights into the various strategies and countermeasures that can be employed to mitigate the risk of thermal attacks. As the researchers note, it is essential for individuals to find a strategy that aligns with their personal habits and behaviors and to employ it consistently to make it harder for others to gain access to their personal data.

In an era where cybersecurity threats continue to evolve, it is imperative for individuals, manufacturers, and researchers to collaborate in developing proactive measures to safeguard sensitive information. By adopting the recommended security measures presented in this study and staying informed about emerging threats, we can take significant steps towards protecting our personal data in an increasingly interconnected world.