Stay Cool! Understanding Thermal Attacks on Mobile-based User Authentication
Date: May 6 2017 Publication: Proceedings of the 2017 SIGCHI Conference on Human Factors in Computing Systems (CHI '17) Publisher: ACM Source 1: https://www.medien.ifi.lmu.de/pubdb/publications/pub/abdelrahman2017chi/abdelrahman2017chi.pdf Source 2: http://www.mkhamis.com/data/papers/abdelrahman2017chi.pdf Abstract or Summary:
PINs and patterns remain among the most widely used knowledge-based authentication schemes. As thermal cameras become ubiquitous and affordable, we foresee a new form of threat to user privacy on mobile devices. Thermal cameras allow performing thermal attacks, where heat traces, resulting from authentication, can be used to reconstruct passwords. In this work we investigate in details the viability of exploiting thermal imaging to infer PINs and patterns on mobile devices. We present a study (N=18) where we evaluated how properties of PINs and patterns influence their thermal attacks resistance. We found that thermal attacks are indeed viable on mobile devices; overlapping patterns significantly decrease successful thermal attack rate from 100% to 16.67%, while PINs remain vulnerable (>72% success rate) even with duplicate digits. We conclude by recommendations for users and designers of authentication schemes on how to resist thermal attacks. Do you have additional information to contribute regarding this research paper? If so, please email siteupdates@passwordresearch.com with the details.
<-- Back to Authentication Research Paper Index |