Are Thermal Attacks Ubiquitous? When Non-Expert Attackers Use Off the Shelf Thermal Cameras

Abdrabou, Y., Abdelrahman, Y., Ayman, A., Elmougy, A. and Khamis, M. (2020) Are Thermal Attacks Ubiquitous? When Non-Expert Attackers Use Off the Shelf Thermal Cameras. In: International Conference on Advanced Visual Interfaces (AVI ’20), Salerno, Italy, 28 Sep - 02 Oct 2020, ISBN 9781450375351 (doi:10.1145/3399715.3399819)

[img] Text
217036.pdf - Accepted Version

1MB

Abstract

Recent work showed that using image processing techniques on thermal images taken by high-end equipment reveals passwords entered on touchscreens and keyboards. In this paper, we investigate the susceptibility of common touch inputs to thermal attacks when non-expert attackers visually inspect thermal images. Using an off-the-shelf thermal camera, we collected thermal images of a smartphone's touchscreen and a laptop's touchpad after 25 participants had entered passwords using touch gestures and touch taps. We show that visual inspection of thermal images by 18 participants reveals the majority of passwords. Touch gestures are more vulnerable to thermal attacks (60.65% successful attacks) than touch taps (23.61%), and attacks against touchscreens are more accurate than on touchpads (87.04% vs 56.02%). We discuss how the affordability of thermal attacks and the nature of touch interactions make the threat ubiquitous, and the implications this has on security.

Item Type:Conference Proceedings
Status:Published
Refereed:Yes
Glasgow Author(s) Enlighten ID:Khamis, Dr Mohamed
Authors: Abdrabou, Y., Abdelrahman, Y., Ayman, A., Elmougy, A., and Khamis, M.
College/School:College of Science and Engineering > School of Computing Science
ISBN:9781450375351
Copyright Holders:Copyright © 2020 Copyright held by the owner/author(s).
First Published:First published in AVI '20: Proceedings of the International Conference on Advanced Visual Interfaces
Publisher Policy:Reproduced in accordance with the publisher copyright policy

University Staff: Request a correction | Enlighten Editors: Update this record

Project CodeAward NoProject NamePrincipal InvestigatorFunder's NameFunder RefLead Dept
309501RSE EnterpriseMohamed KhamisThe Royal Society of Edinburgh (ROYSOCED)65040Computing Science