Researchers from the University of Stuttgart and Ludwig Maximilian University of Munich in Germany have managed to identify secret codes in smartphones by tracking the
heat traces left on the screen.
The researchers used a thermal-imaging camera to identify thermal images on a smartphone's screen, which reveal what parts of the screen were tapped, even after it is left untouched for 30 seconds. This alllowed them to "steal" PINs or patterns left behind by the smartphone's owner.
"PINs and patterns remain among the most widely used knowledge-based authentication schemes. As thermal cameras become ubiquitous and affordable, we foresee a new form of threat to user privacy on mobile devices," the researchers said.
Thermal cameras allow performing thermal attacks, where heat traces, resulting from authentication, can be used to reconstruct passwords.
The researchers said that while PINs remain vulnerable even with duplicate digits, overlapping patterns significantly decrease successful thermal attack rate.
If the thermal image is taken within 15 seconds of a PIN being entered, it is accurate nearly 90 percent of the time, they said.