We live in a world where new technologies, and the risks associated with them, arrive every other day. Modern Wi-Fi gives us the fastest browsing, but it also exposes our passwords and PINs, because our finger movements leave an imprint on the radio signal.
Researchers from the University of Massachusetts at Boston, Shanghai Jiao Tong University, and the University of South Florida have demonstrated WindTalker, an attack that can reveal private information when the attacker controls a malicious Wi-Fi hotspot and uses it to collect Wi-Fi signal fluctuations.
They published a paper titled “When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals.” Well, this is no crime scene investigation; here CSI means “channel state information.”
WindTalker relies on modern Multiple-input, Multiple-output (MIMO) antenna configurations. The controller software in these modern Wi-Fi routers uses small phase differences between the antennas to cancel or reinforce signals in various directions. It means this attack won’t work if you have a vintage router with just one antenna.
How does it work?
When you swipe your lock screen, draw a pattern, or enter a password or PIN, the movements of your finger change the Wi-Fi signal transmitted by your phone, and those movements are imprinted on the signal.
A hacker who controls the Wi-Fi access point your device is connected to can then intercept, examine and reverse engineer that signal to correctly infer the sensitive data you've entered into your phone, without ever accessing the phone itself. The picture below shows the CSI values of a user continuously tapping on the same or different buttons.
Well, there’s a simple way to block WindTalker. The researchers suggested that companies building payment apps should randomize their keypad layouts. Hackers can still infer your finger position, but can’t find out which key you’ve actually pressed.
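The keypad randomization suggested above, sketched as an added example (not code from the paper or from any payment app). `new_layout`, `PinPad` and `enter_pin` are hypothetical names, the PIN is constructed, and reshuffling after every tap is an assumption that goes one step beyond a single shuffle per entry.

```python
import secrets

KEYS = "0123456789"  # labels of a numeric PIN pad

def new_layout(keys=KEYS):
    """Return a random permutation of keys: index = on-screen slot, value = label."""
    layout = list(keys)
    # Fisher-Yates shuffle using the OS CSPRNG; randbelow() has no modulo bias.
    for i in range(len(layout) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        layout[i], layout[j] = layout[j], layout[i]
    return layout

class PinPad:
    """Hypothetical PIN pad that maps tapped slots to digits via a shuffled layout."""

    def __init__(self, reshuffle_each_tap=True):
        self.reshuffle_each_tap = reshuffle_each_tap
        self.layout = new_layout()
        self.digits = []

    def tap(self, slot):
        """Record the digit currently shown in `slot`, then optionally reshuffle."""
        if not 0 <= slot < len(self.layout):
            raise ValueError("slot out of range")
        self.digits.append(self.layout[slot])
        if self.reshuffle_each_tap:
            # Without this, a repeated digit still produces a repeated finger position.
            self.layout = new_layout()

    def value(self):
        return "".join(self.digits)

def enter_pin(pin, pad):
    """Simulate a user: find each digit on the current layout and tap its slot.

    Returns the slot sequence, i.e. the only thing finger position can reveal.
    """
    slots = []
    for digit in pin:
        slot = pad.layout.index(digit)
        slots.append(slot)
        pad.tap(slot)
    return slots

if __name__ == "__main__":
    for _ in range(3):  # same constructed PIN, three sessions
        pad = PinPad()
        print(enter_pin("2580", pad), "->", pad.value())
```

The app always recovers the same PIN, while the slot sequence an observer could infer differs from session to session.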