Computer security experts offer advice to freeze out risk of thermal attacks

A team of computer security experts have developed a set of recommendations to help defend against “thermal attacks” which can steal personal information.

Thermal attacks use heat-sensitive cameras to read the traces of fingerprints left on surfaces like smartphone screens, computer keyboards and PIN pads.

Hackers can use the relative intensity of heat traces across recently-touched surfaces to reconstruct users’ passwords.

Last year, Dr. Mohamed Khamis and colleagues from the University of Glasgow set out to demonstrate how easily thermal images could be used to crack passwords.

The team developed ThermoSecure, a system which used AI to scan heat-trace images and correctly guess passwords in seconds, alerting many to the threat of thermal attacks.

Now, Dr. Khamis and colleagues have put together the first comprehensive review of existing computer security strategies, and surveyed users on their preferences on how thermal attacks can be prevented at public payment devices like ATMs or transport ticket dispensers.

Their research, set to be presented as a paper at the USENIX Security Symposium conference in Anaheim, California, on Friday 11 August, also includes advice to manufacturers on how their devices could be made more secure. USENIX Security is widely recognized as one of the leading conferences in the fields of computer security and cybersecurity.

The team identified 15 different approaches described in previous papers on computer security which could reduce the risk of thermal attacks.

Those included ways to reduce the transfer of heat from users’ hands, by wearing gloves or rubber thimbles, or changing the temperature of hands by touching something cold before typing.

Approaches suggested in the literature also included pressing hands against surfaces or breathing on them to obscure their fingerprint heat once they had…