Thermal Residue-Based Password Attacks and the Ways to Counteract the Same

This article covers possible password attacks, describing thermal residue-based post factum password attacks and the ways to counteract the same, with test results provided as to the possibility of intercepting a password with a thermal imager. In the process of work theoretical material was studied, the methodology of testing the possibility of intercepting passwords, PIN-codes and graphic keys by residual heat trace was developed. The task of testing was that on different models of keyboards, as well as on a smartphone, a set of different combinations of characters, PIN codes and graphic keys was produced, then, using a thermal imager of the UNI-T model UTi260B photographs of the residual thermal trace were taken. The pictures were taken at different distances from the keyboard and after different times of typing the combinations of characters. In the course of this experiment, it was found that it is possible to obtain a sufficiently clear image within one minute after entering the password. However, in order to most successfully reproduce the sequence of the typed characters, the image should be made as early as possible. If the image is taken within fifteen seconds after the password has been entered, success in reproducing the character sequence is achieved in most cases. After thirty seconds, accuracy drops, and after forty-five seconds or more, it becomes increasingly difficult to reproduce the text. In cases of decryption of a graphical key, a similar heat attack makes it possible to reproduce the correct key form even forty seconds after input, as long as the key lines are not superimposed. As a result of the research, methods for counteracting residual heat trace attacks on passwords have been identified and formulated.