Modern Wi-Fi doesn’t just give you fast browsing, it also imprints some of your finger movements – swipes, passwords and PINs – onto the radio signal.
A group of researchers from the Shanghai Jaio Tong University, the University of Massachusetts at Boston, and the University of South Florida have demonstrated that analysing the radio signal can reveal private information, using just one malicious Wi-Fi hotspot.
In this paper, published by the Association of Computing Machinery, they claim covert password snooping as high as 81.7 per cent, once their system has enough training samples.
It’s an attack that wouldn’t work if you had a primitive Wi-Fi setup with just one antenna, because it relies on the sophisticated beam-forming implemented in Multiple-Input, Multiple-Output (MIMO) antenna configurations.
In a modern Wi-Fi setup, beam-forming is controlled by software that uses the small phase differences between antennas to reinforce signals in some directions, and cancel them out in other directions.
That’s what the researchers exploited: because the kit is designed to manage very small changes in signal, the researchers worked out the link state changes when the user’s hand is moving near the phone – such as when they’re using the screen input.
In this study, we present WindTalker, a novel and practical keystroke inference framework that allows an attacker to infer the sensitive keystrokes on a mobile device through WiFi-based side-channel information. WindTalker is motivated from the observation that keystrokes on mobile devices will lead to different hand coverage and the finger motions, which will introduce a unique interference to the multi-path signals and can be reflected by the channel state information (CSI). The adversary can exploit the strong correlation between the CSI fluctuation and the keystrokes to infer the user’s number input. WindTalker presents a novel approach to collect the target’s CSI data by deploying a public WiFi hotspot.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.
We are a professional review site that has advertisement and can receive compensation from the companies whose products we review. We use affiliate links in the post so if you use them to buy products through those links we can get compensation at no additional cost to you.OkDecline
1 Comment
Tomi Engdahl says:
Your body reveals your password by interfering with Wi-Fi
Wave goodbye to security if crims can pop a MIMO router
http://www.theregister.co.uk/2016/11/13/researchers_point_finger_at_handy_smartphone_exploit/
Modern Wi-Fi doesn’t just give you fast browsing, it also imprints some of your finger movements – swipes, passwords and PINs – onto the radio signal.
A group of researchers from the Shanghai Jaio Tong University, the University of Massachusetts at Boston, and the University of South Florida have demonstrated that analysing the radio signal can reveal private information, using just one malicious Wi-Fi hotspot.
In this paper, published by the Association of Computing Machinery, they claim covert password snooping as high as 81.7 per cent, once their system has enough training samples.
It’s an attack that wouldn’t work if you had a primitive Wi-Fi setup with just one antenna, because it relies on the sophisticated beam-forming implemented in Multiple-Input, Multiple-Output (MIMO) antenna configurations.
In a modern Wi-Fi setup, beam-forming is controlled by software that uses the small phase differences between antennas to reinforce signals in some directions, and cancel them out in other directions.
That’s what the researchers exploited: because the kit is designed to manage very small changes in signal, the researchers worked out the link state changes when the user’s hand is moving near the phone – such as when they’re using the screen input.
When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals
http://dl.acm.org/citation.cfm?id=2978397
In this study, we present WindTalker, a novel and practical keystroke inference framework that allows an attacker to infer the sensitive keystrokes on a mobile device through WiFi-based side-channel information. WindTalker is motivated from the observation that keystrokes on mobile devices will lead to different hand coverage and the finger motions, which will introduce a unique interference to the multi-path signals and can be reflected by the channel state information (CSI). The adversary can exploit the strong correlation between the CSI fluctuation and the keystrokes to infer the user’s number input. WindTalker presents a novel approach to collect the target’s CSI data by deploying a public WiFi hotspot.