Are thermal attacks a realistic threat? Investigating the preconditions of thermal attacks in users’ daily lives

AuthorBekaert, Paul; Alotaibi, Norah; Mathis, Florian; Gerber, Nina; Rafferty, Aidan Christopher; Khamis, Mohamed; Marky, Karola
TypeConference Proceedings
AbstractThermal attacks refer to the possibility of capturing heat traces that result from interacting with user interfaces to reveal sensitive input, such as passwords. The technical feasibility and effectiveness of thermal attacks have already been demonstrated. Yet, several preconditions have to be met for successful thermal attacks. In this paper, we investigate user awareness of thermal attacks and to which extent the attack's preconditions are met in the users’ daily lives. We present results from an online study with 101 participants showing that users are frequently at risk of thermal attacks based on their behavior, e.g., due to leaving devices unattended, or their choice of authentication method. Further, only 7 of our 101 participants had heard of thermal attacks. Based on our results, we discuss the implications on user security, operators of public spaces, and the development of thermal attack-resistant input methods.
ConferenceNordic Human-Computer Interaction Conference (NordiCHI '22)
InProceedings of the 12th Nordic Conference on Human-Computer Interaction, p.1-9