Vulnerability Management, Threat Intelligence

Numerical passwords compromised via WiFi in new attack

BleepingComputer reports that numerical passwords could be exfiltrated from WiFi-connected smartphones using the novel WiKI-Eve attack technique, which exploits the beamforming feedback information feature to yield up to 90% accuracy in determining numeric keystrokes. With its ability to seize WiFi signals upon password input, WiKI-Eve had 85% and nearly 66% accuracy in deciphering six-digit numerical passwords and complicated app passwords, according to a study by a team of Chinese and Singaporean university researchers. However, the report noted that leveraging the attack technique requires target identification through MAC addresses or other network identity indicators. Attackers could then utilize traffic monitoring tools to capture targets' BFI time series upon password entry. "Though they only account for part of the downlink CSIs concerning the AP side, the fact that on-screen typing directly impacts the Wi-Fi antennas (hence channels) right behind the screen allows BFIs to contain sufficient information about keystrokes," said researchers. Such findings should prompt improved WiFi access point and smartphone app security measures.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.