Bekaert, P.; Alotaibi, N.; Mathis, F.; Gerber, N.; Rafferty, A.C. et al.: Are Thermal Attacks a Realistic Threat? Investigating the Preconditions of Thermal Attacks in Users' Daily Lives. In: NordiCHI '22: Nordic Human-Computer Interaction Conference. New York, NY : Association for Computing Machinery, 2022, 76. DOI: https://doi.org/10.1145/3546155.3546706
Zusammenfassung: | |
Thermal attacks refer to the possibility of capturing heat traces that result from interacting with user interfaces to reveal sensitive input, such as passwords. The technical feasibility and effectiveness of thermal attacks have already been demonstrated. Yet, several preconditions have to be met for successful thermal attacks. In this paper, we investigate user awareness of thermal attacks and to which extent the attack's preconditions are met in the users' daily lives. We present results from an online study with 101 participants showing that users are frequently at risk of thermal attacks based on their behavior, e.g., due to leaving devices unattended, or their choice of authentication method. Further, only 7 of our 101 participants had heard of thermal attacks. Based on our results, we discuss the implications on user security, operators of public spaces, and the development of thermal attack-resistant input methods. | |
Lizenzbestimmungen: | CC BY 4.0 Unported |
Publikationstyp: | BookPart |
Publikationsstatus: | publishedVersion |
Erstveröffentlichung: | 2022 |
Die Publikation erscheint in Sammlung(en): | Fakultät für Elektrotechnik und Informatik |
Pos. | Land | Downloads | ||
---|---|---|---|---|
Anzahl | Proz. | |||
1 | Germany | 2 | 66,67% | |
2 | Indonesia | 1 | 33,33% |
Hinweis
Zur Erhebung der Downloadstatistiken kommen entsprechend dem „COUNTER Code of Practice for e-Resources“ international anerkannte Regeln und Normen zur Anwendung. COUNTER ist eine internationale Non-Profit-Organisation, in der Bibliotheksverbände, Datenbankanbieter und Verlage gemeinsam an Standards zur Erhebung, Speicherung und Verarbeitung von Nutzungsdaten elektronischer Ressourcen arbeiten, welche so Objektivität und Vergleichbarkeit gewährleisten sollen. Es werden hierbei ausschließlich Zugriffe auf die entsprechenden Volltexte ausgewertet, keine Aufrufe der Website an sich.