Passphrases Beat Thermal Attacks: Evaluating Text Input Characteristics Against Thermal Attacks on Laptops and Smartphones

Abdrabou, Y., Hatem, R., Abdelrahman, Y., Elmougy, A. and Khamis, M. (2021) Passphrases Beat Thermal Attacks: Evaluating Text Input Characteristics Against Thermal Attacks on Laptops and Smartphones. In: 18th IFIP TC13 International Conference on Human-Computer Interaction (INTERACT 2021), Bari, Italy, 30 Aug - 03 Sep 2021, pp. 712-721. ISBN 9783030856090 (doi: 10.1007/978-3-030-85610-6_41)

[img] Text
246705.pdf - Accepted Version

1MB

Abstract

We investigate the effectiveness of thermal attacks against input of text with different characteristics; we study text entry on a smartphone touchscreen and a laptop keyboard. First, we ran a study (N = 25) to collect a dataset of thermal images of short words, websites, complex strings (special characters, numbers, letters), passphrases and words with duplicate characters. Afterwards, 20 different participants visually inspected the thermal images to attempt to identify the text input. We found that long and complex strings are less vulnerable to thermal attacks, that visual inspection of thermal images reveals different parts of the entered text (36% on average and up to 82%) even if the attack is not fully successful, and that entering text on laptops is more vulnerable to thermal attacks than on smartphones. We conclude with three learned lessons and recommendations to resist thermal attacks.

Item Type:Conference Proceedings
Status:Published
Refereed:Yes
Glasgow Author(s) Enlighten ID:Khamis, Dr Mohamed
Authors: Abdrabou, Y., Hatem, R., Abdelrahman, Y., Elmougy, A., and Khamis, M.
College/School:College of Science and Engineering > School of Computing Science
ISSN:0302-9743
ISBN:9783030856090
Published Online:26 August 2021
Copyright Holders:Copyright © IFIP International Federation for Information Processing 2021
First Published:First published in Human-Computer Interaction – INTERACT 2021. INTERACT 2021. Lecture Notes in Computer Science, vol 12935
Publisher Policy:Reproduced in accordance with the publisher copyright policy
Related URLs:

University Staff: Request a correction | Enlighten Editors: Update this record

Project CodeAward NoProject NamePrincipal InvestigatorFunder's NameFunder RefLead Dept
309501RSE EnterpriseMohamed KhamisThe Royal Society of Edinburgh (ROYSOCED)65040Computing Science
310627TAPS: Assessing, Mitigating and Raising Awareness of the Security and Privacy Risks of Thermal ImagingMohamed KhamisEngineering and Physical Sciences Research Council (EPSRC)EP/V008870/1Computing Science