A study by security researchers at the Shanghai University Jiao Tong (China) has carried out a study that shows that it is possible to steal passwords, PIN numbers and any keystrokes on smartphones through WiFi signals.
The way in which users move their fingers through the touch screen of a mobile phone alters the CSI (Channel Status Information) radio signals, which is part of the WiFi protocol and are transmitted by the device, which Causes interrupts that attackers can intercept and analyze. Then, by applying reverse technology, they can know precisely what the victim has written on their device.
To take advantage of this circumstance, the Chinese researchers have developed a keystroke called WindTalker, a framework that allows the attacker to infer the pulsations on the screen of a mobile device through WiFi signals. To obtain the data it is not necessary the presence of external devices near the victim’s smartphone, all that is needed is that it is connected to a public WiFi.
WindTalker is easy to deploy and difficult to detect. In addition, it has the ability to jointly analyze Internet traffic and the interference of the pulsations, so that the attacker finds it easy to identify the moments in which the user has entered credentials.
To carry out the study, the team implemented WindTalker on several mobiles and performed a detailed analysis to assess the accuracy with which it was possible to find out the password of Alipay, one of the largest mobile payment platforms in the world.
The results revealed that through this system it is possible to guess the keys with an average accuracy of 68.3%, although this figure varies according to the brand and the device model.
So, if you liked this article then simply do not forget to share this article with your friends and family.