Exploit the Heat of the Fingers to Reveal the Code Lock of Your Smartphone

///Exploit the Heat of the Fingers to Reveal the Code Lock of Your Smartphone

The use of PIN codes or the use of a schema, these are the current methods offered by most smartphone manufacturers to their customers. A computer science research team at the University of Stuttgart reveals that, whenever one of these operations is carried out, a trace of heat remains on the screen.

The team explains how the use of a thermal camera can make it possible to blow the lock, giving a third party access to the privacy of the owner of the device. Finally, it proposes solutions to what it has called “thermal attack.”

First – A few figures

The team of researchers reveals that a third party with the developed thermal attack process could reveal it successfully in 72 to 100% of the cases within 30 seconds of the user introducing the lock.

Overview of the process

To achieve this, the hacker should have a thermal camera. Its use would then allow it to collect the traces of heat on the display and make a thermal image, which would then be passed to a software thermal analyzer to convert the data to grayscale with noise reduction (see below picture below).

attaque-thermique-methode

The isolation of the hot spots in the image would then reveal the lock, whether it be a PIN code or a diagram would then be passed to a software thermal analyzer to convert the data into grayscale with noise reduction.

Perspectives

The researchers say that the results obtained depend very much on the sensitivity of the thermal camera. A thermal camera of better sensitivity than that used in the experiment would allow the time interval in which it will still be possible to reveal the code at 60 seconds. They also foresee the generalization of this concept to all devices equipped with touch screens with additionally the software implementation of neural networks to boost the thermal analyzer in robustness.

Recommendations of the research team

  • Using longer PIN codes has the effect of significantly reducing the effectiveness of a thermal attack.
  • Privilege tools to combine lock modes (PIN and schematics).
  • Cover the display with your hand while entering the PIN code, which will generate a series of traces that are difficult to use.
  • Increase the brightness of the screen, which increases the temperature of the screen and consequently reduces the effectiveness of the thermal attack.

Hits: 163

By |2017-03-19T14:21:44+00:00March 19th, 2017|Data Security, Technology|2 Comments

2 Comments

  1. Lewis January 9, 2018 at 1:30 pm - Reply

    In a world of digital technology, education and technology, a phone which initially was used for communication purpose might hold so much important data that a need to protect it is paramount. The security patterns in smart phones is one among many security measures taken to solve the problem. However, just like a coin has 2 sides does the patterns function seize with innovation of heat of the fingers to maneuver the security offered by patterns. Smartphone manufacturers need to come up with heat resistant screens which release finger heat faster or other ways to protect the users of their products information from malicious people.The same manufacturers should also bring up ways to protect the phones data even in the hands of the world

  2. Daniel Ogeto Omwancha January 21, 2018 at 8:02 pm - Reply

    Very educative and interesting article. Indeed digital technology has advanced very fast. From the era of analog stock phones to the current sleek smartphones found almost in all corners of the globe today courtesy of the many innovative startups doting the globe. With the advent of mobile devices (smartphones), and in particular the plethora of embedded features and sensors, there has been even more sophisticated side-channel attacks targeting smartphones. The increasing amount of sensitive data available on personal mobile devices, such as personal photos, call logs, bank accounts, and emails underlines the need to secure them against this kinds of malicious attacks. It’s worth bearing in mind that if you’re really worried about someone close by looking over your shoulder to snoop on your PIN code or lock screen pattern maybe you would be better off protecting your mobile device with a biometric (such as your fingerprint) instead. Biometrics are not impossible to bypass, but in many cases they will be more than enough to defeat anything less than a sophisticated attacker.

Leave A Comment