The presentation discusses the Terminator attack, a thermal side-channel attack that can recover passwords from external keyboards. The study investigates the success rate of the attack and factors that affect it.
- The Terminator attack is a thermal side-channel attack that can recover passwords from external keyboards.
- The study investigates the success rate of the attack and factors that affect it.
- The attack can be opportunistic or orchestrated.
- The success of the attack depends on factors such as password strength, typing style, and keyboard type.
- Hunt-and-peck typists are more vulnerable to the attack than touch typists.
- The attack can recover entire sets of key presses as late as 30 seconds and partial sets up to one minute.
- The study did not find reliable key press ordering information.
- The study provides a distance metric for non-random passwords.
The Terminator attack comes in two flavors: opportunistic and orchestrated. In the opportunistic version, the victim steps away after typing their password on their own accord. In the orchestrated version, an accomplice draws the victim away, allowing the attacker to take a thermal picture of the keyboard. The study found that hunt-and-peck typists are especially vulnerable to the attack since every key they press is a key in the password. The study also discovered that touch typists perch their hands on the home row, which creates confusion for the attacker since thermal residues lead to other keys close by those home row keys. The study did not find reliable key press ordering information, possibly due to pressure timing and area differences of fingers and presses and combinations of all these factors. However, the study provides a distance metric for non-random passwords.