Creative keyboard attack allows passwords to be stolen using the heat from your fingers

Security researchers are arguing that passwords represent an increasingly wobbly method of verification, following the discovery of an exploit that can potentially discern a password using the thermal energy residue left on recently pressed keys.

As spotted by Bleeping Computer, computer scientists from the University of California, Irvine (UCI), have named the attack Thermanator, and it involves the usage of a ‘mid-range thermal camera’ to scan the keys and detect the heat residue left on them.

Gene Tsudik, a computer science professor at UCI, observed that an attacker could “capture keys pressed on a normal keyboard, up to one minute after the victim enters them”. He added: “If you type your password and walk or step away, someone can learn a lot about it after-the-fact.”

Of course, this is not a trivial exploit to pull off. The attacker needs to have the thermal camera in place with a clear view of the keys, and there’s a time limit as the heat residue fades, as mentioned. But if the attacker moves quickly enough – i.e. within 15 seconds or so – the thermal imprints left are quite strong.

If the keys used to type the password are discerned, the attacker can later crunch this data and engage in a dictionary attack (repeatedly trying combinations) to brute force the login in question.

The researchers ran laboratory tests, and the paper on the exploit observed that: “Entire sets of key-presses can be recovered by non-expert users as late as 30 seconds after initial password entry, while partial sets can be recovered as late as one minute after entry.”

The researchers also found that ‘hunt and peck’ (i.e. two finger) typists were more vulnerable to this exploit, as the thermal traces they left when typing were stronger.

So is this a good reason to learn to touch type? Well, in all honesty, the odds of you being hit by this sort of attack in a real-world situation are vanishingly slim, at least right now – but it does point the way to the perils of the future.

Mission: Possible

And it’s not unthinkable that this sort of thing could happen in the near future. The researchers noted: “As formerly niche sensing devices become less and less expensive, new side-channel attacks move from ‘Mission: Impossible’ towards reality. This is especially true considering the constantly decreasing cost and increasing availability of high-quality thermal imagers.”

If you’re concerned, one mitigation technique the researchers offer up is simply to run your hands across the keyboard after a password entry in a public place. It’s also a good idea never to leave your notebook unattended in public – but that’s just general good security practice.

There are other potential vulnerabilities here aside from laptop or PC keyboards, and thermal imaging tricks could be used to try and discover PINs at ATMs, for example.

Furthermore, there is a range of other exploits to determine key presses and work out passwords, such as using the physical vibrations made by tapping the keys. Going forward, the researchers argue that traditional passwords need to be consigned to the dustbin, in favor of more secure methods of authentication like biometrics.

The OnePlus 5 and OnePlus 5T will support Project Treble after all

Will they? Won’t they? The saga of whether or not the OnePlus 5 and the OnePlus 5T will be upgraded to support Project Treble has had its twists and turns, but everything turned out alright in the end – OnePlus has confirmed that these 2017 handsets will indeed get Treble support very soon.

For those joining us late, Project Treble is Google’s latest initiative to get Android phones running more recent software more quickly. It cuts down the amount of work manufacturers have to do to get Android upgrades ready for their own phones, which in theory should mean speedier roll outs.

Last year a OnePlus rep said the OnePlus 5 and the OnePlus 5T wouldn’t be getting Project Treble support, meaning more work for OnePlus to get Android P ready for these phones, and a longer delay as a result. That position now seems to have been reversed.

Trebles all round

Project Treble is already built into the OnePlus 6 (perhaps one reason why it has access to the Android P beta), and has just arrived in the beta version of OxygenOS, now available for the two immediate predecessors to the OnePlus 6. The user interface of OnePlus’ take on Android gets a few extra improvements and tweaks too.

“After several months of evaluation and hard work, we finally found a solution to make this possible, and we are very excited to share this good news with you,” gushes OnePlus in the release notes for the OxygenOS open beta.

This doesn’t guarantee that the OnePlus 5 and OnePlus 5T will get ultra-fast updates in the future, but it’s a very good sign. If you don’t want to risk beta software on your phone – very wise of you – then the same upgrades should be rolling out in the stable version of OxygenOS in the not-too-distant future.

Via Android Police

Is a ‘live Google Earth’ coming?

Main image: Earth-i’s orbiting 4K Ultra HD can stream live video of the planet. Credit: Earth-i

What if the images in Google Earth were refreshed not every few years, but every few seconds? Or just streamed as live video of Earth shot from space? What if the famous Google Street View vehicles weren’t vans, but drones?

All of this will soon be possible, thanks to a 4K Ultra HD camera that can stream full-color video back to Earth from more than 300 miles up. Meanwhile, drones and unmanned aerial vehicles (UAVs) are on the cusp of being able to offer high-resolution close-ups of everything, everywhere. Google Earth Engine has already made satellite imagery available for Earth scientists – is the future for Earth observation real-time video?

The first-ever color video from space

Having launched in January 2018, UK company Earth-i’s VividX2 satellite began sending back the first full-color video. As well as multi-angle images that construct a 3D model, it has a ‘video staring’ mode; as it passes over at more than four miles per second it constantly reorients its camera to fix on a particular location, producing a two-minute, 50fps video of that location. Each pixel represents 60cm or just under 24 inches. 

It can produce real-time video of airport runways, the movements of ships in harbors, and cargo around ports. The images can be used to monitor the exact number of cars on motorways, count how many people are crossing a national border, and even to calculate the real-time power output of a wind farm. 

Earth-i’s VividX2 satellite produces two-minute videos at 50fps

Why do we need color video?

“If machine learning algorithms are applied, the addition of color definition offers much improved object recognition and tracking,” says Richard Blain, chief executive at Earth-i. “Color also enables much improved change detection between different dates – particularly when the image or video acquisition conditions are not perfect.”

Although it’s already functioning, the VividX2 satellite is actually a prototype for the company’s upcoming Vivid-i Constellation. “Earth-i will initially launch 15 satellites in batches of five,” says Blain. “This will give a daily revisit capability for any location on Earth at a minimum of three different times per day once the constellation is complete.”

VividX2 is a prototype for the company’s Vivid-i Constellation. Credit: Earth-i

This is about big data

“Earth Observation data is becoming a major driver in the so-called Fourth Industrial Revolution – the era of Big Data analytics,” says Blain, who adds that AI is critical in analyzing the petabytes of data. “Location data is the foundation on which many big data solutions are being built to drive better decision-making and policy thinking the world over.”

There’s now a lot of Earth Observation data around. As well as a plethora of commercial satellite datasets, free Earth Observation data is provided by the European Commission’s Copernicus programme and the US Landsat satellites.

Earth Observation: Planet

Earth-i isn’t the only company focused on producing real-time satellite imagery. Planet Labs has 200 satellites in orbit including 175-plus Doves, 13 SkySats and five RapidEye satellites, which have lately been used to identify changes at weapons facilities in Iran and North Korea, and even to track migratory birds. However, it only produces still black-and-white images, albeit at up to 72cm-per-pixel resolution. Planet uses 13 SkySat satellites, some of which it acquired from Google’s Terra Bella. Google is now a major investor in Planet, as well as a customer.

Earth Observation: Urthecast

Having streamed color video from the International Space Station in 2015, Vancouver, Canada-based Urthecast is planning to launch 16 satellites – eight optical and eight radar (the latter to overcome cloud cover), orbiting in pairs – to form its OptiSAR constellation. Crucially, these satellites will also be orbiting on two different planes, so will create unique 3D or ‘geospatial’ images and 30fps video of the entire planet’s landmass, Antarctica excluded, refreshed once each day. 3D is important because Earth is covered in mountains, valleys and cities, so oblique views are crucial. 

However, that UrtheDaily service won’t begin until Urthecast launches its satellites, which it expects to do in 2019.

Is a live, real-time Google Earth technically possible?

Using satellites and/or drone technology, would it be possible to have a Google Earth-like service that not only used images that updated in real time, but also included live streaming video?

HAPS like the QinetiQ Zephyr-7 are a ‘missing link’ between drones and satellites. Credit: Airbus

“From a technical point of view that is entirely possible,” says Blain, although the nature of orbital imagery does come at a high cost. “A low Earth orbit optical satellite cannot be stationary over one location, so to do persistent monitoring globally over a particular area, you’d need close to 1,000 satellites,” he says, “and many, many more drones or High Altitude Pseudo-Satellite (HAPS) to add the depth of data needed to achieve a constant ‘live’ picture of Earth.”

A HAPS is a platform that floats or flies at high altitude like an airplane, about 12 miles up, but operates more like a satellite; two of the major HAPS are the solar-electric QinetiQ Zephyr-S and Stratobus.

A live Google Earth-type service would require thousands of satellites and HAPS, and likely millions of drones. Credit: ESA Earth Observation Graphics Bureau

What about ‘drone maps’?

While satellites get the big picture, drones can capture the kind of detail needed for close-ups, such as those in the Google Maps Street View. Street View itself still has a lot of work to do in Africa, the Middle East and China, as Google’s own map demonstrates. Can drones help?

“Plan a flight with DroneDeploy from your iOS device, take off with your DJI drone, and see maps render on-screen during flight,” says Mike Winn, CEO and co-founder of drone software company DroneDeploy. “Your completed map is ready before the drone lands.”

DroneDeploy’s ‘Live Map’ software is the first capable of generating drone maps in real time. Farmers use the maps for analyzing the growth and health of crops, while construction companies can monitor the progress of a job site.

DroneDeploy’s ‘Live Map’ software generates drone maps in real time. Credit: DroneDeploy

The real-time future

The more satellites that are launched to cover the gaps in coverage, the better, but Earth-i’s move to video rather than stills is an exciting advance. “Wherever the asset, wherever the issue, wherever an emergency, Earth-i will be able to take color video from space every day, multiple times of day,” says Blain. “That is a major step forward towards near real-time Earth observation, and a significant leap forward from what has previously been possible.”

Space technology is advancing so quickly that it’s now possible for software like Google Earth to offer imagery that is just a few days, hours or even minutes old. “There is no reason companies should have to wait hours or even days for aerial insights, or operate with outdated satellite imagery,” says Winn. “As we see an increasing number of satellites, the ability to bring down data in real time will become more affordable and accessible for those who need it. Real time is the future.”

Do we need a live, real-time Google Earth?

Are instant aerial insights important? It may be possible, albeit complex, but does anyone actually need ‘eyes everywhere’ persistent monitoring? After all, we live on a mostly blue planet.

“More than 70% of the Earth is covered by oceans, and while Earth orbit satellites are increasingly playing their part in maritime surveillance, the oceans perhaps do not need such high persistent monitoring,” says Earth-i’s Blain. “Some locations are just more important than others, and this is what will drive the extent to which persistent monitoring of Earth is developed.”

So the future is probably demand-based, with more and more satellites able to provide color video from space of specific assets or emergencies. “For these constellations to be commercially viable there must be customers with Earth observation needs that require all of this data to be collected from space,” adds Blain.

TechRadar’s Next Up series is brought to you in association with Honor

These could be the specs inside Microsoft’s new cheaper Surface

It very much looks like Microsoft has a cheaper set of Surfaces in the pipeline, and thanks to some excellent digging on the part of WinFuture, we now have a better idea of how the price will be kept down: with Intel Pentium processors.

The Intel Pentium Silver N5000, Intel Pentium Gold 4410Y and Intel Pentium Gold 4415Y will be the chips lined up for the new configurations of the Surface, according to WinFuture’s source. Apologies to anyone who was hoping for an Intel Core m3 chip, as it looks like you’re out of luck.

Those processors are likely to be combined with 4GB or 8GB of RAM, according to benchmarks on the web that might well be the new devices in testing. These specs could change before the new Surfaces see the light of day, of course.

Keep taking the tablets

A less expensive line of Surface tablets makes a lot of sense when you consider that Apple’s latest iPad comes in at $329/£319/AU$469. The opening price point for the upcoming Surface refresh is rumored to be in the region of $400 (about £300/AU$540).

Exactly when we’re going to see these new tablets remains to be seen – Microsoft has said nothing about them officially up to this point – but considering they’ve just popped up at the FCC (Federal Communications Commission) in the US, we’d say they’ll be showing up sooner rather than later.

The devices are said to have a screen size of 10 inches, and include USB-C ports, unlike the more powerful and more expensive Surface Pro. As soon as we’ve got any formal announcements from Microsoft, we’ll let you know.

Via The Verge