Wifi Signals can leck your passwordsHackers can observe the wireless WIFI signal change, steal your passwords, PINs and codes keyboard shortcuts and other sensitive information.

screenshot-from-2016-11-16-09-20-39

From Shanghai Jiaotong University, joint research team of the University of South Florida, Massachusetts and Boston University announced the latest technology of their research. The technology only need to build a WIIF hot, you can analyze radio signals change and steal sensitive information.

This technology is named WindTalker, called the attack techniques by reading the channel state information (CSI) of the radio signal pattern, change, or touch-screen mobile phone sniffer computer keyboard keys motion.

CSI is part of the WIFI protocol, which provides a WIFI signal status information.

“An attacker could exploit the strong correlation between CSI and the fluctuation between keystrokes to infer the user’s number input.

The following is how to track the attackers move your finger on the smartphone screen:

screenshot-from-2016-11-16-09-17-25

When you enter your PIN, password or pattern lock screen slide smartphone APP in any action to change your finger will be transmitted to a wireless mobile telephone signals.

Now, hackers control of public wireless networks WIFI hotspot, your device is connected to the WIFI, hackers can intercept, analysis and reverse engineering of these signals. Hackers can accurately guess the sensitive data you enter or enter your password field.

Because no direct access to the victim handset, WindTalker attack was quite effective, and non-smart phones can achieve the same effect of the attack.

This attack requires the control of hackers WIFI hotspot connection target, the focus can be collected WIFI signal.

WindTalker does not run the old router, because it relies on a multiple-input multiple-output (MIMO) technique called.

screenshot-from-2016-11-16-09-18-20

But this is not a big problem, because the new wireless router to carry multiple antennas and MIMO technology, which makes routers can simultaneously connect and transfer data from multiple devices.

WindTalker attack success rate of 68%.

Researchers tested the phone using a variety of attack effect WindTalker in a real scene. Test, the researchers successfully restored the 6-digit PIN code Alipay transaction payment transactions entered.

The researchers said: “The test results show that the probability of an attacker with a high success rate can recover keys.

“In practice, the attacker has more options to implement user-specific training. For example, it may simply be to provide users with free WiFi access, in return, the victim should be specified by clicking on the number to complete the online training. It It can also mimic text codes require the victim to enter the selected number “the researchers said:” even if a keystroke is only one training sample, WindTalker can still achieve the overall recovery rate of 68.3%. ”

Accuracy WindTalker attacks on different phone models vary. And a user inputs more data on which to attackers collected more, its accuracy can be improved.

WindTalker attack techniques that have appeared on the 23th Computer and Communications Security Association for Computing Machinery Conference, held October 24 to 28 in Vienna, Austria.

Reference: thehackernews.com