Speaking of jaw-dropping, Mengyuan Li of Shanghai Jiao Tong University and colleagues published an astonishing and unsettling paper demonstrating how to capture key strokes from a simple hack to a public wi-fi router . This can be used to capture passwords without touching the target device, any additional devices, or line of sight!
The basic idea is that the hand and finger motions “introduce a unique interference to the multi-path signals” which can be detected to infer what is typed. Whoa! Cool!
They use a clever scheme tuned to grab passwords by analyzing traffic to infer when a PIN is being typed, and launching the sniffer at just the right time. (This selective context helps the accuracy of the detection.)
The paper presents lots of details that are way beyond my own grasp of radio signals and protocols . They also use learning algorithms to create a classifier for keystrokes on various models and devices.
This is amazing stuff, even though the experiment is limited. Real world situations are extremely varied and noisy, so the classifiers have poor accuracy, at least without a lot more training data.
They point out some simple defenses, including vigilance (don’t type your PIN when strange public wifis are listening!) and adding some random noise to the signals. The latter would be extremely effective against simple classifiers.
But it’s not how well the dog dances, it’s the fact that the dog dances at all!
If this group could make it work, I’m sure that well financed groups can make this idea work much better.
Very nice work.
- Mengyuan Li, Yan Meng, Junyi Liu, Haojin Zhu, Xiaohui Liang, Yao Liu, and Na Ruan, When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals, in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. 2016, ACM: Vienna, Austria. p. 1068-1079.