Smartphone WiFi Signals Can Leak Your Keystrokes, Passwords, and PINs

Bleeping Computer warns that "The way users move fingers across a phone's touchscreen alters the WiFi signals transmitted by a mobile phone, causing interruptions that an attacker can intercept, analyze, and reverse engineer to accurately guess what the user has typed...when the attacker controls a rogue WiFi access point." The new WindTalker attack leverages the "channel state information" in WiFi signals. An anonymous reader quotes their article: Because the user's finger moves across the smartphone when he types text, his hand alters CSI properties for the phone's outgoing WiFi signals, which the attacker can collect and log on the rogue access point... By performing basic signal analysis and signal processing, an attacker can separate desired portions of the CSI signal and guess with an average accuracy of 68.3% the characters a user has typed... but it can be improved the more the user types and the more data the attacker collects.
The new attack is described in a research paper titled "When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals."

Not only WiFi

some smartphones (namely the Samsung Galaxy Note 7) can leak passwords through smoke signals.

Why does attacker need to control an access point?

[mi]

when the attacker controls a rogue WiFi access point

Why? It would seem, the technique can be used with a perfectly passive radio-receiver, which would not be (mis)taken for an access point at all.

BTW, are you covering your mouth, when you talk outside? Your words can be deciphered from far away by a lip-reading expert (or software). Supposedly, only 30-40% of English language can be "read" over the speaker's lips alone. That may be true for human lip-readers, but there is software, that claims 93.4% success rate. The attack described in TFA has only 68% accuracy... For now...

Really?

[Forthan+Red]

Just one more "research paper" with results that no one else will be able to reproduce. Of no value, except for providing material for "Wait, Wait, Don't Tell Me".

JFC

[Etcetera]

People should assume that nothing is secure at this point. If you have an advanced device, someone will be able to spy on you.

Starting to wonder if the smartphone (advanced operating system, application ecosystem, sensors out the wazoo) are basically a net loss for society, even before you get to the actual cultural effects of mass, constant, information/internet use.

CSI?

[wonkey_monkey]

CSI is Channel State Information, in case you were wondering, since the editors don't do their jobs.