Thermanator: Thermal Residue-Based Post Factum Attacks On Keyboard Password Entry
Thermanator is a post factum thermal imaging attack that allows an adversary recover full password key sets up to
30 seconds and partial password key sets up to
1 minute after password entry. The attack uses a mid-range thermal imaging camera.
Full paper available on arxiv.
Thermanator was presented at the Black Hat Europe 2018. Abstract and presentation available.
Recent articles covering Black Hat Europe 2018 and our work:
"The best hacks from Black Hat Europe 2018", https://portswigger.net/daily-swig/the-best-hacks-from-black-hat-europe-2018
"14 Hot Sessions at Black Hat Europe 2018", https://www.bankinfosecurity.com/blogs/14-hot-sessions-at-black-hat-europe-2018-p-2691
Example attack scenario