After a user taps digits on a smartphone screen, a hacker can use a thermal camera to capture the areas the finger just touched and recover the protection code.
Scientists at the University of Stuttgart have discovered a new way for hackers to steal smartphone PINs with thermal cameras in a few simple steps.
First, hackers use a thermal camera (which can detect temperatures from 19 to 32 degrees Celsius) to photograph the phone's screen as soon as the user has entered a security code on it. The image is then converted to grayscale in software and its noise is reduced.
Next, a two-stage process removes the rest of the image, leaving only the heat points where someone typed in their PIN. These heat points are then extracted into an image of four circles.
Finally, because these circles fade with time, the order in which they have faded is likely to give the exact code that the owner typed in.
When the above method is applied, the PIN is predicted with 90% accuracy if the image is taken within 15 seconds of entering the PIN. For Android phones in particular, the prediction can be as accurate as 100%. Even when the thermal image was taken within 30 seconds after the user entered the PIN, the accuracy rate was still very high.
With more and more thermal cameras reaching the mass market, such as the CAT S601, the research is of great interest.
However, the scientists also offer some simple techniques to counter such attacks. When users type the PIN, they should place both hands on the screen to create a pattern of random heat points. In addition, users can raise the screen brightness to its maximum level for a few seconds so that the display heats up more quickly, making the code harder to predict.
For pattern codes, Android users can reduce the risk of attack by using overlapping lines.