- Broadcom grows revenues by 20% following VMware purchase, as customers fume about subscription costs
- How global threat actors are weaponizing AI now, according to OpenAI
- The viral Air Purifier Table is my smart home's MVP (and it's on sale for $179)
- Grab the Galaxy S25 Edge for $170 off and get a free Amazon gift card - but act fast
- How I learned to stop worrying and love my health tracker
Researchers Suggest Ways to Tackle Thermal Attacks
Researchers at Glasgow University have identified 15 ways users and manufacturers could reduce the risk of thermal attacks to boost the security of logins.
Thermal attacks involve the use of thermal imaging cameras to identify the keys on a PIN pad or keyboard last touched by a user, thereby enabling an attacker to guess a user’s PIN or password.
A paper produced by the research team last year revealed that two-thirds of passwords of up to 16 characters could be cracked in this way, rising to 82% of 12-character passwords and 100% of six-character logins.
It also claimed that 86% of passwords were revealed when thermal images were taken within 20 seconds, 76% when images were taken within 30 seconds and 62% after 60 seconds.
Read more on thermal attacks: Thermal-based Camera PIN Monitoring Techniques Revealed by Researchers
Now Mohamed Khamis and his colleagues have developed a set of recommendations to mitigate such risks, after surveying user preferences and reviewing existing security strategies.
Among the 15 approaches listed in the paper, some are more practical than others. They include:
- Wearing gloves or rubber thimbles
- Changing the temperature of hands by touching something cold before typing
- Pressing hands against surfaces
- Breathing on surfaces after typing to obscure fingerprint heat
- Placing a heating element behind surfaces
- Making surfaces from materials which dissipate heat more rapidly
- Introducing a physical shield that covers keys until heat has dissipated
- Using eye-tracking inputs or biometric security
“Users told us that they considered themselves at least partially responsible for their own security, so we advise that they pay close attention to their surroundings when entering sensitive data in public to make sure no-one is watching, or use a secure facility such as a bank. Where that’s not possible, we suggest resting palms on devices to obscure traces of heat, or wearing gloves or finger protection if they can,” advised researcher Karola Marky.
“We’d also advise using multi-factor authentication (MFA) wherever users are able because it protects against a range of different attacks including thermal attacks, and safeguard all authentication factors as much as possible.”
