The researchers proposed a few ways smartphone hardware can defend against thermal attacks. Briefly increasing screen brightness to its maximum, or triggering a short burst of CPU activity, could heat up the entire phone and make PIN detection difficult.
Some people may be predisposed to a natural defense: Cool hands make it harder to detect heat traces from PIN entry, the researchers found, because the difference in temperature between the screen’s glass and the finger is less pronounced. Hot hands, on the other hand, may prolong the window of attack.
I usually use a fingerprint reader to log into my iPhone, but when I can’t, I type in a long password that has letters, numbers, and symbols. Since it takes a bit longer to type it in than a four-digit PIN, an attacker would have less time to capture the heat traces after I finish typing—but what if I typed it quickly?
“I would guess that if you are a fast typist that means the contact time is reduced, which will influence the amount of heat transferred,” Abdelrahman told me. “Hence, the heat traces left behind will be less, so still it might be hard to infer the long PINs.”
But if I’m typing quickly, I may be exerting more pressure with each stroke, she said, which could end up increasing the intensity of the heat traces I leave behind.
Maybe I’ll just keep my phone in my pocket.