Thermal imaging technologies are continuously becoming more affordable and accessible to everyone. Today, a thermal camera can be bought for less than £150. Thermal imaging can be used maliciously to infer the user input on keyboards and touchscreens. For example, taking a thermal image of a keyboard after a user has interacted with it reveals recent input such as passwords, or sensitive messages.

In this project, we aim to:

  1. assess the viability of thermal attacks in everyday computer and mobile usage scenarios,
  2. develop and evaluate methods for resisting them on desktop and mobile settings, and
  3. raise awareness about this threat and possible countermeasures through impact activities.

This work has been funded by the Royal Society of Edinburgh (RSE Award number 65040), the EPSRC (grant number EP/V008870/1) and the PETRAS National Centre of Excellence for IoT Cybersecurity, which is also funded by the EPSRC (EP/S035362/1).

Thermal cameras can observe and steal passwords, passcodes and patterns after they are entered. Machine learning can further automate this process, but it can also be used to protect us from these attacks proactively.