SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
TOP Security!
15 Nov 2016

Wi-Fi signal interference can leak your passwords and keystrokes

Hackers can steal sensitive information, such as your passwords, PINs and keystrokes, from your phone by observing changes in the wireless signal as you enter them into your smartphone.

A group of researchers from the Shanghai Jiao Tong University, the University of South Florida and the University of Massachusetts at Boston have demonstrated a new technique that can reveal private information by analyzing radio signal interference, using just one rogue Wi-Fi hotspot.

Dubbed WindTalker, the attack sniffs a user's finger movements on a phone's touchscreen or a computer's keyboard by reading the radio signal patterns called Channel State Information (CSI). CSI is part of the Wi-Fi protocol and provides general information about the status of the Wi-Fi signal. "WindTalker is motivated from the observation that keystrokes on mobile devices will lead to different hand coverage and the finger motions, which will introduce a unique interference to the multi-path signals and can be reflected by the channel state information (CSI)," the researchers write in their paper titled 'When CSI Meets Public Wi-Fi: Inferring Your Mobile Phone Password via Wi-Fi Signals.'

"The adversary can exploit the strong correlation between the CSI fluctuation and the keystrokes to infer the user’s number input."

Here’s how an attacker tracks your finger movements on a smartphone screen:

When you enter your PIN number or password in any app or swipe your smartphone lock screen pattern, your finger movements alter the Wi-Fi signals transmitted by a mobile phone, and the movements are imprinted into the signal.

Hackers who control a public Wi-Fi hotspot to which your device is connected could then intercept, analyze, and reverse engineer those signals to accurately guess what sensitive data you have typed into your phone or into password input fields.

The WindTalker attack is particularly effective as it does not require any access to the victim's phone and works with regular mobile phones.

The attack requires the hacker to control a rogue Wi-Fi access point to which the target connects, and to collect the Wi-Fi signal disturbances.

WindTalker will also not work with older routers that have a single antenna to broadcast Wi-Fi signals around your home, as it relies on a technology called Multiple Input, Multiple Output (MIMO).

However, this is hardly a limitation, because the latest wireless routers come with multiple antennas and MIMO technology, which enables routers to connect to and transmit data from multiple devices simultaneously.

WindTalker Attack Has Over 68% Accuracy

The researchers tested the WindTalker attack in a real-world scenario against several mobile phones and were able to recover the 6-digit transaction PIN required to complete a mobile payment transaction via the Chinese payment service Alipay.

"The evaluation results show that the attacker can recover the key with a high successful rate. In practice, the attackers have more choices to achieve the user specific training. For example, it can simply offer the user free Wi-Fi access and, as the return, the victim should finish the online training by clicking the designated numbers. It can also mimic a Text Captchas to require the victim to input the chosen numbers," the researchers said. "Even if there is only one training sample for one keystroke, WindTalker can still achieve a whole recovery rate of 68.3%."

The accuracy of the WindTalker attack varies by mobile phone model, and it could also be improved as users type more and the attacker collects more data. The WindTalker attack technique was also presented at the 23rd Association for Computing Machinery Conference on Computer and Communications Security, held in Vienna, Austria, from 24 to 28 October.

Tags: password, Wi-Fi
Source: The Hacker News