Smartphone WiFi Signals Can Leak Your Keystrokes, Passwords, and PINs

Bleeping Computer warns that "The way users move fingers across a phone's touchscreen alters the WiFi signals transmitted by a mobile phone, causing interruptions that an attacker can intercept, analyze, and reverse engineer to accurately guess what the user has typed...when the attacker controls a rogue WiFi access point." The new WindTalker attack leverages the "channel state information" in WiFi signals. An anonymous reader quotes their article: Because the user's finger moves across the smartphone when he types text, his hand alters CSI properties for the phone's outgoing WiFi signals, which the attacker can collect and log on the rogue access point... By performing basic signal analysis and signal processing, an attacker can separate desired portions of the CSI signal and guess with an average accuracy of 68.3% the characters a user has typed... but it can be improved the more the user types and the more data the attacker collects.
The new attack is described in a research paper titled "When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals."

In that case I'll use a bluetooth keyboard instead

[JoeyRox]

That should be more secure then. Oh wait...

Not only WiFi

some smartphones (namely the Samsung Galaxy Note 7) can leak passwords through smoke signals.

Model M

[KiloByte]

Use a real keyboard or an emulation and wifi won't be required. The side channel will be audio, easy to distinguish by an unaided human ear, from the next building.

The Whole System Is Insecure

[zenlessyank]

Always has been. Always will be. Privacy should be put up for display in the Smithsonian along side dinosaurs and freedom.

Re: The Whole System Is Insecure

[im_thatoneguy]

Because safes were perfectly secure? Privacy and anonymity are recent cultural developments along with urbanization. Prior to urbanization the entire local government knew you by name, they didn't need any fancy face recognition database. And everybody in town knew your address, your interests, your religion, all of it.

Why does attacker need to control an access point?

[mi]

when the attacker controls a rogue WiFi access point

Why? It would seem, the technique can be used with a perfectly passive radio-receiver, which would not be (mis)taken for an access point at all.

BTW, are you covering your mouth, when you talk outside? Your words can be deciphered from far away by a lip-reading expert (or software). Supposedly, only 30-40% of English language can be "read" over the speaker's lips alone. That may be true for human lip-readers, but there is software, that claims 93.4% success rate. The attack described in TFA has only 68% accuracy... For now...

Really?

[Forthan+Red]

Just one more "research paper" with results that no one else will be able to reproduce. Of no value, except for providing material for "Wait, Wait, Don't Tell Me".

Re:Really?

[GTRacer]

This is one of those times I really wished I had mod points - Insightful, and supportive of a great show to boot!

That sounds like...

[sugapablo]

Way too much trouble. If someone invests that much time and effort to get lil ole me's passwords, they've earned them.

Re:That sounds like...

[AK+Marc]

Yup. At most, it'll be used for billion dollar corporate espionage, or a little government spying, but unless you are CEO of Toyota, or head of a government, you have nothing to worry about.

Re:That sounds like...

[cdrudge]

It's really just a $5 investment...

Re:In that case I'll use a bluetooth keyboard inst

[infolation]

"The way users move fingers across a phone's touchscreen"

Type with thumbs!

I'm going back to using

[Alain+Williams]

punched Holerith cards .... although someone will probably find a way to work out what they contain by looking at the chads ...

Re:In that case I'll use a bluetooth keyboard inst

[Rob+Y.]

Cyanogenmod (I think?) used to have a very clever fix for this. An option to scramble the positions of the numbers on your lockscreen so that 'finger movement' patterns would be meaningless. That helps with prying eyes watching you enter your pin too.

But I'm running CM 13 on my phone, and it doesn't seem to have that option anymore.

JFC

[Etcetera]

People should assume that nothing is secure at this point. If you have an advanced device, someone will be able to spy on you.

Starting to wonder if the smartphone (advanced operating system, application ecosystem, sensors out the wazoo) are basically a net loss for society, even before you get to the actual cultural effects of mass, constant, information/internet use.

Re:JFC

[peawormsworth]

We don't have to give up on privacy or security. In fact, that advanced device in our pocket could greatly improve our privacy and security, which could protect or replace the items we already carry in your wallet or purse.

The demand for smartphone features allows companies to design products which actively violate security and privacy because there is no alternative to obtain those features. Perhaps there is no perfectly secure device, but the smartphone is intentionally designed to NOT achieve it.

Re:JFC

[Etcetera]

In fact, that advanced device in our pocket could greatly improve our privacy and security

How could it "greatly improve privacy and security" over, say, life in 1998? -- with the sole exception of a better voice call GSM/CDMA encryption algorithm.

Re:Why does attacker need to control an access poi

[fustakrakich]

So, it's pretty easy to wreck a nice beach these days, huh?

CSI?

[wonkey_monkey]

CSI is Channel State Information, in case you were wondering, since the editors don't do their jobs.

Re:CSI?

I offer you a deep heart felt, "Thank you."

Re:CSI?

[jittles]

CSI is Channel State Information, in case you were wondering, since the editors don't do their jobs.

That's what CSI stands for? No wonder i could never get into that TV show.

Password managers like Lastpass

[rebtun]

Might be a reasonable solution?

No pro blame

[93+Escort+Wagon]

I use Siri to duct tape my massages.

Yes, I think

[bigbang137]

Yes. I don't recall the last time I actually manually typed a password on my smartphone. It's almost always copy-pasted.

AI-Proof Security

[bigbang137]

We need a concept of AI-Proof Security, one that even the best AI or signals analysis algorithms cannot crack except via brute force. For one this means adding a lot of random noise to thwart the signals, or otherwise to use equal signals. The point is that there shouldn't be exploitable patterns in the signals, and if they do exist, future AI will seek them out. How can we do this? Using AI, of course.

Smartphone WiFi Signals Can Leak . . .

[rickyslashdot]

ANY electronic communication device has variations in it's internal electronic / emission-producing process of generating an output, which are device-specific - - - but still decode-able with the proper software / tools / information.
If you generate a data stream, the hardware produces variations which are emitted by the electronic circuits, and those variations can be intercepted and decoded with sufficient information about the generating equipment. This electronic 'leakage' cannot be dealt with unless you barricade your 'source' devices behind a Faraday cage and good encryption.
ANYTHING electronic used for communications inherently has variations in it's internal electronic emission patterns in the process of producing the transmitted data, otherwise the data-stream would just be 'null-data'. If you expose the generating electronics to the world-at-large, then expect your source-electronics' variations to be intercepted, decoded, and read by any agency with sufficient knowledge of your communication device and it's electronic characteristics.
On the same (more or less) issue, anybody using a COM device in the open (WiFi, Cell phone, Texting, - even copper-link telephones), should expect the information to be intercept-able ( and intercepted under the wide spanning sweep of our snooping intelligence agencies).

Remember, if your source is protected (emission shielded), then your best friend is ENCRYPTION - - - and even if it is breakable, it still serves a purpose - - - it makes the 'snoops' spend time and resources to decode your "pizza order sent to your brother for Friday night's poker game" - - - rofl

Just a TEMPEST...

[srussia]

in a telephone.

I'm astonished. That's possible??

[sabbede]

I can see it as theoretically possible, but exploiting it seems damn near impossible. If it's actually doable, I'm blown right the hell away.