CCS 2016 - When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals

　　If we want to continue enjoying a world that contains Wi-Fi, we may want to address some security issues present in our wireless LAN technology.One such issue is described in a new paper published by the Association of Computing Machinery. The result of a collaboration between researchers at Shanghai Jaio Tong University, the University of Massachusetts at Boston, and the University of South Florida, it reveals how a malicious Wi-Fi hot spot could trace your fingers to reveal your online passwords.

　　Recommended Videos

　　The technique is called WindTalker, and it lets hackers effectively read the finger movements of a user as they pass over their phone display, using what is referred to as channel state information (CSI).

　　Related

　　Hackers are using this incredibly sneaky trick to hide malware This massive exploit lets hackers breach apps like Chrome, 1Password, and Telegram How smart light bulbs could steal your password

　　Exploiting the so-called “keystroke inference framework” technique, the researchers were able to successfully retrieve passwords being used on Chinese payment platform Aliplay on various smartphones.

　　At a high level, WindTalker works by analyzing the shadows created on a mobile device and then piecing these together to work out specific keystrokes which are being made. When enough training examples have been completed, the researchers suggest that passwords can be reverse-engineered with as much as 81.7 percent accuracy.

　　While the hack itself does require specific hardware to carry out, this only costs in the order of hundreds of dollars and is relatively easy to obtain.

　　So what, if anything, can be done about the risk?

　　“One possible defense strategies is to randomize the layouts of the PIN keypad,” Haojin Zhu, a computer science professor who worked on the paper, told Digital Trends. “Second, one of the common assumptions for different kinds of side-channel based keystroke inference attacks is that the users need to type the passwords in fixed gestures — so another defense strategy is changing the typing gestures from time to time to keep themselves safe. Third, the user can prevent the collection of CSI. For example, it is recommended to use network firewalls to block the abnormal Wi-Fi packets.”

　　A bit like the commonsense holiday safety advice about not waving your expensive camera around, the best suggestion may be the most obvious, though. “One simple recommendation for the public is not to connect to insecure public Wi-Fi,” Professor Zhu continued.

　　Zhu also said that the team is currently working to develop, “a comprehensive defending framework to defend the various side channel attacks via Wi-Fi signals.”

　　On balance, we liked WindTalker a whole lot more when it was a 2002 Nicolas Cage movie about U.S. Marines in World War II…