Thermal Imaging Attacks

Highlighted Publications

Our work on thermal attacks has been published at top HCI and Security Venues such as ACM TOPS, ACM IUI, and alike. Below are selected publications. To see a full list of publications, please visit this link. 

1. Karola Marky, Shaun Macdonald, Yasmeen Abdrabou, Mohamed Khamis. "In the Quest to Protect Users from Side-Channel Attacks - Investigating a User-Centred Design Space for Thermal Attack Protection." In Proceedings of the 32nd USENIX Security Symposium (USENIX Security 2023) 
   • In this paper, we report on a review of 15 protective strategies, and investigated user perceptions through an online study with 306 participants, culminating in user-centric design recommendations for thwarting thermal attacks.
2. Shaun Macdonald, Norah Alotaibi, Md Shafiqul Islam, Mohamed Khamis. "Conducting and Mitigating Portable Thermal Imaging Attacks on User Authentication with Machine Learning." In Proceedings of the Augmented Humans International Conference 2023 (AHs 2023)
   • At our Augmented Humans 2023 demo, we presented attendees with the chance to use a thermal camera to observe thermal traces on a keyboard, and observe how machine learning can both automatically identify keys pressed based and identify, then obfuscate, thermal images of a keyboard to prevent thermal attacks.
3. Shaun Macdonald, Habiba Farzand, Norah Alotaibi, Md Shafiqul Islam, Mohamed Khamis. "Change Policy or Users? Mitigating the Security Risks of Thermal Attacks." In the CHI 2023 workshop on Designing Technology and Policy Simultaneously: Towards A Research Agenda and New Practice. 
   
   • In this paper, we propose an AI-driven strategy to obfuscate vulnerable interfaces in the view of thermal cameras automatically, then discuss the advantages and limitations of attempting to enforce such a system-centred solution as policy, versus instead attempting to shape user behaviour.
      
4. Norah Alotaibi, John Williamson, Mohamed Khamis. "ThermoSecure: Investigating the effectiveness of AI-driven thermal attacks on commonly used computer keyboards." ACM Transactions on Privacy and Security. 2022.

• In this work, we examined the feasibility of thermal attacks on commonly used computer keyboards. We presented ThermoSecure, a system that analyzes thermal images to estimate user input. We also presented the first publicly available dataset of 1500 thermal images of keyboards.
  
  

Daniel Kirkwood, Cagdas Tombul, Calum Firth, Finn MacDonald, Konstantinos Priftis, Florian Mathis, Mohamed Khamis and Karola Marky. "PIN Scrambler: Assessing the Impact of Randomized Layouts on the Usability and Security of PINs." Proceedings of the 21st International Conference on Mobile and Ubiquitous Multimedia. 2022.

• In this work, we present usability (N=17) and security (N=24) evaluations to compare PIN entry with the standard vs randomized layout. Our results show that randomizing the layout increases resistance to shoulder surfing and thermal attacks significantly.
  
  

Paul Bekaert, Norah Alotaibi, Florian Mathis, Nina Gerber, Aiden Rafferty, Mohamed Khamis, Karola Marky. "Are Thermal Attacks a Realistic Threat? Investigating the Preconditions of Thermal Attacks in Users’ Daily Lives." Nordic Human-Computer Interaction Conference. 2022.

• In this work, we conducted an online study with 101 participants to investigate the risk of thermal attacks in users’ daily lives. Our results suggest that users frequently leave their touchscreen devices unattended. Furthermore, users are often at risk of thermal attacks due to their authentication method, allowing attackers to use thermal traces to reconstruct previously entered PINS and passwords.
  
  

Norah Alotaibi, Md Shafiqul Islam, Karola Marky, Mohamed Khamis. "Advanced Techniques for Preventing Thermal Imaging Attacks." 27th International Conference on Intelligent User Interfaces. 2022.

• In this research work, we implemented deep-learning models to detect interfaces and heat traces from thermal images. Four image obfuscation methods have been utilized to eliminate heat traces from the detected interfaces. Our preliminary results show that the proposed models can detect interfaces in thermal images and obfuscate the heat traces on them. 

Yasmeen Abdrabou, Reem Hatem, Yomna Abdelrahman, Amr Elmougy, Mohamed Khamis. "Passphrases Beat Thermal Attacks: Evaluating Text Input Characteristics Against Thermal Attacks on Laptops and Smartphones". In Proceedings of the 18th IFIP TC13 International Conference on Human-Computer Interaction (INTERACT 2021). 

• In this paper, we investigate the effectiveness of thermal attacks against the input of text with different characteristics on a smartphone touchscreen and a laptop keyboard. We found that long and complex strings are less vulnerable to thermal attacks, that visual inspection of thermal images reveals different parts of the entered text even if the attack is not entirely successful, and that entering text on laptops is more vulnerable to thermal attacks than on smartphones.