1. • COURCE NAME :cyber security
• COLLAGE NAME :NOBAL GROUP OF INSTITUTE
• COLLAGE CODE :035
• Attack name: Thermanator Attack
2. SR.NO NAMES BRANCH ROLL NO
1 PAMBHAR PARIMAL CSE 160350107031
2 THUMAR KISHAN CSE 160350107040
3 DALSANIA DEEP IT 160350116002
3.
4. Thermanator Attack
• he attack, called "Thermanator", could use your body heat
against you in order to steal your credentials or any other
short string of text that you have typed on a computer
keyboard
5. History
• A team of academics from the University of
California, Irvine (UCI), have presented a type
of attack that could enable a malefactor to
retrieve sensitive information you entered via
your keyboard – possibly up to a minute after
you typed it.
• Founder Name:Tomáš Foltýn
• 6 Jul 2018 - 04:33PM
6. Research
• The researchers had 30 users enter 10
different password , both strong and weak, on four
common external keyboards. Using a thermal
imaging camera, the researchers then scanned the
residual heat left on the recently-pressed keys. In the
second stage, they enlisted the help of eight non-
experts in the field who, acting as “adversaries”, were
asked to derive the set of pressed keys from the
thermal imaging data – which they reliably did.
7. Thermanator attack can recover
passwords, PINs
• The UCI team calls this attack Thermanator, and they
say it can be used to recover short strings of text, may
it be a verification code, a banking PIN, or password.
• Attackers need to be able to place a camera with
thermal recording features near a victim, and the
camera must have a clear view of the keys for the
Thermanator attack to work.
• But when these conditions are met, an attacker, even
a non-expert one, can recover a collection of keys the
victim has pressed, keys which it can later assemble
into possible strings to be used in a dictionary attack.
8. Passwords can be recovered up to
30 seconds after input
• In laboratory experiments, the research team had 31 users
enter passwords on four different keyboard types. UCI
researchers then asked eight non-experts to derive the set
of pressed keys from the recorded thermal imaging data.
10. How to prevent this attack
• Researchers say that users who type using a
"hunt and peck" technique of pressing one key
at a time with two fingers while continually
looking at the keyboard are more susceptible
to having their key presses harvested by this
technique.
11. UCI researchers: Passwords must go
• One of the conclusions of this research is that over the years several
academics have devised several types of attacks for recording
passwords in various ways, such as through mechanical vibrations,
electromagnetic emanations, and more. The research team argues
that it may be time to move away from passwords as a means to
secure user data and equipment.
• "As formerly niche sensing devices become less and less expensive,
new side-channel attacks move from 'Mission: Impossible' towards
reality," researchers said. "This is especially true considering the
constantly decreasing cost and increasing availability of high-quality
thermal imagers."
• More details about the UCI team's research can be found in a paper
titled "Thermanator: Thermal Residue-Based Post Factum Attacks
On Keyboard Password Entry."
• Related Articles: