[ad_1]
Theft of passwords is not just a software and a social engineering – a thermal camera can already suffice
The thermal image of the word "passw0rd" after 0, 15, 30 and 45 seconds after the entry. (University of California, Irvine)
According to a study by scientists at the University of California, heat traces on commercially available keyboards are enough to choose passwords. According to the researchers, it is particularly easy to read the entries made by users of the two-finger search system. This unusual method of password hacking could come into play in the field of cyber and industrial espionage.
10 minutes later
"There are underestimated risks", Security Specialist at Eset. "While many are paying attention to the unwanted shoulder look, no one is thinking about their own body heat – of course – this offers potential for cyber criminals – no matter how strong the password is."
Researchers videotaped keyboards on which 30 subjects entered passwords. In the images, the pressed keys are always recognizable until one minute after the entry. And even the laity have succeeded in the next experimental phase to reconstruct correct sets of entries and password fragments from these images. Written with the help of two fingers rather than a 10-finger writing system, thermal fingerprints were usually larger, which facilitated the construction of potential attackers.
2-factor authentication as a solution
A series of countermeasures that make spying on the password much more difficult or impossible. For example, the hand on the keyboard should be deleted after entering sensitive information, or "random noise" generated by an arbitrary input. Other countermeasures are the use of the on-screen keyboard as well as the wearing of thermal insulation gloves – a rather unrealistic scenario. "The use of secure 2-factor authentication solutions is much more convenient – they are comfortable, easy to use, and offer maximum protection for access," says Uhlemann.
To learn more about the study of cracking password: www.welivesecurity.com/english/2018/07/13/passworddiebstahl-heat-traces keyboard /
Source: Eset
[ad_2]
Source link
