Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems 2017
DOI: 10.1145/3025453.3025461
|View full text |Cite
|
Sign up to set email alerts
|

Stay Cool! Understanding Thermal Attacks on Mobile-based User Authentication

Abstract: Figure 1: In this work we investigate thermal attacks against PINs and patterns on mobile devices. After entering PINs (a-c) or patterns (d-f) on a touch screen, a heat trace remains on the screen and can be made visible via thermal imaging.

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

1
114
0

Year Published

2017
2017
2021
2021

Publication Types

Select...
5
1
1

Relationship

2
5

Authors

Journals

citations
Cited by 102 publications
(115 citation statements)
references
References 46 publications
1
114
0
Order By: Relevance
“…Graphical passwords such as Android lock patterns are particularly vulnerable to smudge attacks [29,40]. Furthermore, many knowledge-based schemes are also vulnerable to thermal attacks, where heat traces resulting from the user's interactions with the interface are exploited to find the password [1].…”
Section: Knowledge Factormentioning
confidence: 99%
See 2 more Smart Citations
“…Graphical passwords such as Android lock patterns are particularly vulnerable to smudge attacks [29,40]. Furthermore, many knowledge-based schemes are also vulnerable to thermal attacks, where heat traces resulting from the user's interactions with the interface are exploited to find the password [1].…”
Section: Knowledge Factormentioning
confidence: 99%
“…Multimodal authentication was shown to be highly resilient to shoulder surfing [19]. Furthermore, thermal and smudge attacks normally require the attacker to inspect the interface after the user had left [1,3]. Our architecture complicates these attacks by relying on the user's mobile device for input.…”
Section: Multifactor Authenticationmentioning
confidence: 99%
See 1 more Smart Citation
“…In external side channel attacks, an attacker can exploit side channels outside a device. Three example external side channel attacks are residue-based attacks [1][2][3][4][5], Wi-Fi-based attacks [26], and vision-based attacks [6-12, 27, 28]. Intensive research efforts have been made to mitigate these side channel attacks in the past decades.…”
Section: Related Workmentioning
confidence: 99%
“…Sensitive information like the passwords entered on mobile devices can be stolen by attackers by exploiting the soft keyboard. For example, in residue-based attacks [1][2][3][4][5], the tapped keys can be inferred from the oily or heat residues left on the touch screen, the order of which can also be determined by measuring the heat residue left on the touched positions. In computer visionbased attacks [6][7][8][9][10][11][12], the interaction between the hand and the keyboard is exploited.…”
Section: Introductionmentioning
confidence: 99%