Thermanator: Thermal Residue-Based Post Factum Attacks On Keyboard Password Entry
Thermanator is a post factum thermal imaging attack that allows an adversary to recover full password key sets up to 30 seconds and partial password key sets up to 1 minute after password entry. The attack uses a mid-range thermal imaging camera.
The full paper is available on arXiv.
An example thermal timelapse is given below. More information about the project and media coverage can be found on the project website: http://sprout.ics.uci.edu/projects/thermanator/
Password “passw0rd” thermal residue 0, 15, 30, 45 and 60 seconds after entry, left to right.
A Password Extractor Framework for Thermal Images
The password extractor framework uses image processing with OpenCV to recover passwords given thermal images. It is open source at https://github.com/eozturk1/thermal (under development).
Attached images are from the 4-step thermal image password recovery process:
- Detection of key regions on the thermal image,
- Key labeling,
- Detection of residues,
- Password recovery and password guessing.
BFTKV is a Byzantine Fault-Tolerant distributed Key-Value storage that leverages GPG’s Web of Trust mechanism to build trust and b-masking quorums to provide fault tolerance.
I worked on BFTKV during my internship at . The project is open-source at https://github.com/yahoo/bftkv.
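As an added illustration of the b-masking quorums mentioned above (not code from BFTKV), this Go example uses the standard threshold construction: with n ≥ 4b+1 servers, quorums of ⌈(n+2b+1)/2⌉ servers overlap in at least 2b+1, and a read accepts only a pair reported by b+1 distinct servers. The names `Reply`, `QuorumSize` and `MaskingRead` are hypothetical, and BFTKV's Web of Trust-based quorum selection and signatures are not modelled.

```go
package main

import "fmt"

// Reply is one server's answer to a read request.
type Reply struct {
	Server, Value string
	Timestamp     uint64
}

// QuorumSize is the threshold b-masking quorum size ceil((n+2b+1)/2); any two
// such quorums share at least 2b+1 servers. It requires n >= 4b+1.
func QuorumSize(n, b int) (int, error) {
	if b < 0 || n < 4*b+1 {
		return 0, fmt.Errorf("need n >= 4b+1, got n=%d b=%d", n, b)
	}
	return (n + 2*b + 2) / 2, nil
}

// MaskingRead returns the newest (value, timestamp) pair reported by at least
// b+1 distinct servers, so b faulty servers alone cannot get a forged pair
// accepted. The Server field of the result is left empty.
func MaskingRead(replies []Reply, b int) (Reply, error) {
	seen, votes := map[string]bool{}, map[Reply]int{}
	for _, r := range replies {
		if !seen[r.Server] { // one vote per server, however often it replies
			seen[r.Server] = true
			votes[Reply{Value: r.Value, Timestamp: r.Timestamp}]++
		}
	}
	var best Reply
	found := false
	for p, c := range votes {
		newer := p.Timestamp > best.Timestamp ||
			(p.Timestamp == best.Timestamp && p.Value < best.Value) // deterministic tie-break
		if c >= b+1 && (!found || newer) {
			best, found = p, true
		}
	}
	if !found {
		return Reply{}, fmt.Errorf("no pair vouched for by %d servers", b+1)
	}
	return best, nil
}

func main() {
	// Constructed data: n=5, b=1. s3 is stale; s4 is Byzantine and replies twice.
	replies := []Reply{{"s1", "v2", 2}, {"s2", "v2", 2}, {"s3", "v1", 1},
		{"s4", "forged", 99}, {"s4", "forged", 99}}
	q, _ := QuorumSize(5, 1)
	got, err := MaskingRead(replies, 1)
	fmt.Println(q, got.Value, got.Timestamp, err)
}
```

The forged pair carries the highest timestamp but only one distinct server vouches for it, so the read falls back to the newest pair with b+1 supporters.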
A few gifs on how this storage works (more details in the design document):