Paper (paywalled by ACM)
Digestable Article - http://thehackernews.com/2016/11/hack-wifi-password.html
Summary
Essentially your fingers moves in a 3d space
on your phone, crossing the radial 3D WIFI signal emitted by the public WIFI
base station. The hacker app can detect these minor spacial disturbances and
ascertain your keystrokes, specifically your PIN and Credit Card number, with a
great degree of accuracy. All the hacker needs is to be on same public
WIFI as you.
Mobile Solution:
Don't use public WIFI (Starbucks, Seattle's Best, Duncan Donuts, McDonalds, Tim Hortons, Indigo) when make a payment. Switch it off.2nd Technical Article - https://blog.acolyer.org/2016/11/10/when-csi-meets-public-wifi-inferring-your-mobile-phone-password-via-wifi-signals/
CSI in this case stands for channel state information, which represents the state of a wireless channel in a signal transmission process. |
Now, hackers gain control of any unsecure public wireless networks WIFI hotspot, your device is connected to the WIFI, hackers can intercept, analysis and reverse engineering of these signals. Hackers can accurately guess the sensitive data you enter or enter your password field.
Because no direct access to the victim handset, WindTalker app attack was quite effective, and non-smart phones can achieve the same effect of the attack.
This attack requires the control of hackers WIFI hotspot connection target, the focus can be collected WIFI signal. Below picturre is data collected and keystrokes infered.
Alert 2: Keyboard Sniffing
Any tablet/laptop with a keyboard will also fall prey to this attack.
The above mobile attack was derived from previous research on "keyboard sniffing" which applies to any device with keyboard like a tablet (with an attachable keyboard) or laptop. This key paper "Keystroke Recognition Using WiFi Signals".pdf (Sep 7, 2015) thoroughly describes using software app WiKey to infer keystrokes. In the conclusion of the paper, we learn "WiKey can recognize keystrokes in a continuously typed sentence with an accuracy of 93.5%."
Digestable Article
Laptop Solution:
You can use the built-in On-Screen Keyboard when typing in sensitive passwords:
1. Windows
7,8,8.1,10 : Search for "On-Screen Keyboard" or Run->type
osk
No comments:
Post a Comment