Article

Heat of the moment: characterizing the efficacy of thermal camera-based attacks

Authors:

Keaton Mowery,

Sarah Meiklejohn,

Stefan SavageAuthors Info & Claims

WOOT'11: Proceedings of the 5th USENIX conference on Offensive technologies

Page 6

Published: 08 August 2011 Publication History

Publisher Site

Abstract

In this paper, we examine the potential of using a thermal camera to recover codes typed into keypads in a variety of scenarios. This attack has the advantage over using a conventional camera that the codes do not need to be captured while they are being typed and can instead be recovered for a short period afterwards. To get the broadest sense of how effective such an attack might be, we consider a number of variables: the material of the keypad, the user entering the code, the distance from the camera to the keypad, and the possible methods used to analyze the data. First, we present code recovery results from human review of our test data set; this provides us with a baseline for the overall effectiveness of thermal camera-based attacks. Second, using techniques from computer vision we automatically extract the code from raw camera data, thus demonstrating that this attack has the potential to scale well in practice.

As we will see, both human and automated attacks are by and large successful in recovering the keys present in the code, even a full minute after they have been pressed; both methods are also able to determine the exact code (i.e., including the order in which the keys were pressed) for a smaller fraction of codes. Even without ordering, however, the search space of possible keys is still vastly reduced by knowing the keys pressed; for example, the search space is reduced from 10,000 possible codes to approximately 24 for a 4-digit code. In large-scale attacks involving many unique codes, such as on ATM PINs, our success rate indicates that an adversary can correctly recover enough codes to make such an attack economically viable.

References

[1]

ANDERSON, R. Why cryptosystems fail. In Proceedings of CCS 1993 (1993), pp. 215-227.

Digital Library

Google Scholar

[2]

ASONOV, D., AND AGRAWAL, R. Keyboard acoustic emanations. In Proceedings of the 2004 IEEE Symposium on Security and Privacy (2004), pp. 3-11.

Crossref

Google Scholar

[3]

AVIV, A., GIBSON, K., MOSSOP, E., BLAZE, M., AND SMITH, J. Smudge attacks on smartphone touch screens. In Proceedings of WOOT 2010 (2010).

Digital Library

Google Scholar

[4]

ENISA. Atm crime: overview of the European situation and golden rules on how to avoid it, 2009. http://www.enisa.europe.eu/media/press-releases/enisa-warn.

Google Scholar

[5]

FLIR. A320 camera specifications. http://www.flira320.com/PDF/datasheet_thermal_imaging_camera_flirA320.pdf.

Google Scholar

[6]

KREBS, B. ATM skimmers: hacking the cash machine, 2011. http://krebsonsecurity.com/tag/atm-skimmer.

Google Scholar

[7]

KUHN, M. Electromagnetic eavesdropping risks of flat-panel displays. In Proceedings of the 4th Workshop on Privacy Enhancing Technologies (PET) (2004), pp. 88-106.

Digital Library

Google Scholar

[8]

LAXTON, B., WANG, K., AND SAVAGE, S. Reconsidering physical key secrecy: teleduplication via optical decoding. In Proceedings of CCS 2008 (2008), pp. 469-478.

Digital Library

Google Scholar

[9]

RUSSELL, D. Atm crime, ATM fraud overview. http://ezinearticles.com/?ATM-Crime,-ATM-Fraud-Overview.

Google Scholar

[10]

SHAMIR, A., AND TROMER, E. Acoustic crypanalysis: On nosy people and noisy machines. http://tau.ac.il/~tromer/acoustic/.

Google Scholar

[11]

VAN ECK, W. Electromagnetic radiation from video display units: An eavesdropping risk? Computers & Security 4, 4 (1985), 269-286.

Digital Library

Google Scholar

[12]

ZALEWSKI, M. Cracking safes with thermal imaging, 2005. http://lcamtuf.coredump.cx/tsafe.

Google Scholar

[13]

ZHUANG, L., ZHOU, F., AND TYGAR, J. Keyboard acoustic emanations revisited. In ACM Transactions on Information and System Security (2009), vol. 13.

Digital Library

Google Scholar

Cited By

View all

Alotaibi NWilliamson JKhamis M(2022)ThermoSecure: Investigating the Effectiveness of AI-Driven Thermal Attacks on Commonly Used Computer KeyboardsACM Transactions on Privacy and Security10.1145/356369326:2(1-24)Online publication date: 15-Sep-2022
https://dl.acm.org/doi/10.1145/3563693
Kaczmarek TOzturk ETsudik GGalbraith SRussello GSusilo WGollmann DKirda ELiang Z(2019)ThermanatorProceedings of the 2019 ACM Asia Conference on Computer and Communications Security10.1145/3321705.3329846(586-593)Online publication date: 2-Jul-2019
https://dl.acm.org/doi/10.1145/3321705.3329846
Abdrabou YKhamis MEisa RIsmail SElmougy AKrejtz KSharif B(2019)Just gaze and waveProceedings of the 11th ACM Symposium on Eye Tracking Research & Applications10.1145/3314111.3319837(1-10)Online publication date: 25-Jun-2019
https://dl.acm.org/doi/10.1145/3314111.3319837
Show More Cited By

Recommendations

Heat Stroke: Power-Density-Based Denial of Service in SMT
HPCA '05: Proceedings of the 11th International Symposium on High-Performance Computer Architecture

In the past, there have been several denial-of-service (DOS) attacks which exhaust some shared resource (e.g., physical memory, process table, file descriptors, TCP connections) of the targeted machine. Though these attacks have been addressed, it is ...
Heat-ray: combating identity snowball attacks using machinelearning, combinatorial optimization and attack graphs
SOSP '09: Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles

As computers have become ever more interconnected, the complexity of security configuration has exploded. Management tools have not kept pace, and we show that this has made identity snowball attacks into a critical danger. Identity snowball attacks ...
Analysis of Influencing Factors of Heat Transfer Performance of Heat Pipe Heat Exchanger
ICEET '09: Proceedings of the 2009 International Conference on Energy and Environment Technology - Volume 01

Heat transfer performance of heat pipe heat exchanger affected by many factors, such as the opening temperature of the heat pipe , the rate of fluid-filled, the physical nature of liquid refrigerant 、the work temperature of tube , angle, tube spacing, ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

WOOT'11: Proceedings of the 5th USENIX conference on Offensive technologies

August 2011

14 pages

Program Chairs:
David Brumley
Carnegie Mellon University
,
Michal Zalewski
Google

Publisher

USENIX Association

United States

Publication History

Published: 08 August 2011

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 16 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Alotaibi NWilliamson JKhamis M(2022)ThermoSecure: Investigating the Effectiveness of AI-Driven Thermal Attacks on Commonly Used Computer KeyboardsACM Transactions on Privacy and Security10.1145/356369326:2(1-24)Online publication date: 15-Sep-2022
https://dl.acm.org/doi/10.1145/3563693
Kaczmarek TOzturk ETsudik GGalbraith SRussello GSusilo WGollmann DKirda ELiang Z(2019)ThermanatorProceedings of the 2019 ACM Asia Conference on Computer and Communications Security10.1145/3321705.3329846(586-593)Online publication date: 2-Jul-2019
https://dl.acm.org/doi/10.1145/3321705.3329846
Abdrabou YKhamis MEisa RIsmail SElmougy AKrejtz KSharif B(2019)Just gaze and waveProceedings of the 11th ACM Symposium on Eye Tracking Research & Applications10.1145/3314111.3319837(1-10)Online publication date: 25-Jun-2019
https://dl.acm.org/doi/10.1145/3314111.3319837
Kang SChoi HPark SPark CLee JLee ULee SAgarwal SGreenstein BBalasubramanian AGollakota SZhang X(2019)Fire in Your HandsThe 25th Annual International Conference on Mobile Computing and Networking10.1145/3300061.3300128(1-16)Online publication date: 5-Aug-2019
https://dl.acm.org/doi/10.1145/3300061.3300128
Li DZhang XHu MZhai GYang X(2019)Physical Password Breaking via Thermal Sequence AnalysisIEEE Transactions on Information Forensics and Security10.1109/TIFS.2018.286821914:5(1142-1154)Online publication date: 1-May-2019
https://dl.acm.org/doi/10.1109/TIFS.2018.2868219
Trotter LPrange SKhamis MDavies NAlt F(2018)Design Considerations for Secure and Usable Authentication on Situated DisplaysProceedings of the 17th International Conference on Mobile and Ubiquitous Multimedia10.1145/3282894.3289743(483-490)Online publication date: 25-Nov-2018
https://dl.acm.org/doi/10.1145/3282894.3289743
Abdrabou YKhamis MEisa RIsmael SElmougy A(2018)eNGAGEProceedings of the 17th International Conference on Mobile and Ubiquitous Multimedia10.1145/3282894.3289741(469-473)Online publication date: 25-Nov-2018
https://dl.acm.org/doi/10.1145/3282894.3289741
Khamis MHasholzner RBulling AAlt FLangheinrich MClinch S(2017)GTmoPassProceedings of the 6th ACM International Symposium on Pervasive Displays10.1145/3078810.3078815(1-9)Online publication date: 7-Jun-2017
https://dl.acm.org/doi/10.1145/3078810.3078815
Abdelrahman YKhamis MSchneegass SAlt FMark GFussell SLampe Cschraefel mHourcade JAppert CWigdor D(2017)Stay Cool! Understanding Thermal Attacks on Mobile-based User AuthenticationProceedings of the 2017 CHI Conference on Human Factors in Computing Systems10.1145/3025453.3025461(3751-3763)Online publication date: 2-May-2017
https://dl.acm.org/doi/10.1145/3025453.3025461
Alhothaily AAlrawais ACheng XBie R(2014)Towards More Secure Cardholder Verification in Payment SystemsProceedings of the 9th International Conference on Wireless Algorithms, Systems, and Applications - Volume 849110.1007/978-3-319-07782-6_33(356-367)Online publication date: 23-Jun-2014
https://dl.acm.org/doi/10.1007/978-3-319-07782-6_33
Show More Cited By

Abstract

References

Cited By

Recommendations

Heat Stroke: Power-Density-Based Denial of Service in SMT

Heat-ray: combating identity snowball attacks using machinelearning, combinatorial optimization and attack graphs

Analysis of Influencing Factors of Heat Transfer Performance of Heat Pipe Heat Exchanger

Comments

Information

Published In

Sponsors

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations