Smartphone WiFi Signals Can Leak Your Keystrokes, Passwords, and PINs

Bleeping Computer warns that "The way users move fingers across a phone's touchscreen alters the WiFi signals transmitted by a mobile phone, causing interruptions that an attacker can intercept, analyze, and reverse engineer to accurately guess what the user has typed...when the attacker controls a rogue WiFi access point." The new WindTalker attack leverages the "channel state information" in WiFi signals. An anonymous reader quotes their article: Because the user's finger moves across the smartphone when he types text, his hand alters CSI properties for the phone's outgoing WiFi signals, which the attacker can collect and log on the rogue access point... By performing basic signal analysis and signal processing, an attacker can separate desired portions of the CSI signal and guess with an average accuracy of 68.3% the characters a user has typed... but it can be improved the more the user types and the more data the attacker collects.
The new attack is described in a research paper titled "When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals."

Why does attacker need to control an access point?

[mi]

when the attacker controls a rogue WiFi access point

Why? It would seem, the technique can be used with a perfectly passive radio-receiver, which would not be (mis)taken for an access point at all.

BTW, are you covering your mouth, when you talk outside? Your words can be deciphered from far away by a lip-reading expert (or software). Supposedly, only 30-40% of English language can be "read" over the speaker's lips alone. That may be true for human lip-readers, but there is software, that claims 93.4% success rate. The attack described in TFA has only 68% accuracy... For now...