The criminals just keep on getting more and more advanced in their ability to compromise your expectation of mobile privacy.
In fact, this latest example will probably blow your mind…
Thermal image cameras are a new frontier for criminals
German researchers have demonstrated how sophisticated criminals can use thermal imaging cameras to stealthily steal your PIN and gain access to your phone in just seconds flat.
Here’s the story: When you touch your phone’s screen, your fingers leave behind a heat trace. That trace is invisible to the naked eye, but it can be easily seen by a thermal camera like the one used here.
‘Because heat decays at a known rate, a person typing in a PIN with four different digits would leave behind four heat traces of slightly different temperatures: The first digit entered would be coolest, and the last digit would be warmest,’ the Atlantic reports.
‘If a thermal image contains only three or two heat traces, the attacker can infer that the PIN contains at least one digit more than once. The phone’s exact PIN…can be guessed in three or fewer tries. And if there’s only one heat trace, the attacker knows the PIN is just one digit repeated four times.’
Perhaps scariest of all, this kind of high-tech attack would work a full 30 seconds after your finger touches the screen!
This technique has nearly 90% accuracy up to 15 seconds after the user last touched their phone screen. At 30 seconds, it works with 80% accuracy. Anything longer than that and the accuracy rate plummets to 35%.
This technique can detect PINs (passcodes) on iOS as well as the finger-traced unlock patterns that Android users typically use to access their phones.
The reality is 30 seconds is plenty of time for a crook to whip out a small thermal imaging camera and shoot your screen — especially in a workplace where you log in on your phone and then put it down on your desk to run to the kitchen or restroom.
The good news here is that this process involves more than just snapping a simple picture. It actually entails a complex multi-step process:
1. The thermal camera begins by taking a picture of the targeted phone screen.
2. The color image that results is then grayscaled and filtered.
3. The background is then removed, leaving only the heat traces behind.
4. The heat traces are detected and extracted.
6. Heat trace analysis, which is aided by algorithms, is then used to figure out the likely order for the digits or pattern for the finger swipe.
You can probably tell this isn’t the kind of thing that your run-of-the-mill crook would likely be able to do. So it would definitely take a more sophisticated criminal ring to pull this off.
What can you do to protect yourself?
The researchers have three chief suggestions to help you thwart would-be thermal camera criminals.
For iOS users, avoid duplicate numbers in your passcode. Duplicate numbers only make the heat traces more pronounced and easier to figure out.
Android users, meanwhile, should employ a swipe pattern with overlapping motions that backtracks over itself. Researchers found that two overlaps reduced the feasibility of this attack to zero.
Finally, it’s been said that cooler heads prevail, but hot hands can derail you when you’re trying to lock down your privacy!
So if you’re really concerned about this, you may want to consider holding a bottle of cold water or something else that’s cool before entering your PIN or swipe pattern.