It’s now almost a daily thing to hear of one threat or the other especially from some of our most beloved devices. Last October, we brought to you the potential danger in texting while Skyping and how some of your most guarded secrets can be intercepted by hackers.
Today is all about smartphones and Wi-Fi though. It is said that Wi-Fi signals on your smartphone can actually give away your password and PINs and anyone who this information has it all. From your photos to transaction history, they really have it all.
The way you move your fingers across your phone’s screen also changes the strength of Wi-Fi signals transmitted by your phone. It is this interruption that an attacker can take advantage of by intercepting and reverse engineering to get what a potential victim may have typed.
In an article posted on Bleeping Computer website, they said “this type of attack, nicknamed WindTalker, is only possible when the attacker controls a rogue WiFi access point to collect WiFi signal disturbances.
Control over the WiFi access point is also imperial since the attacker must also know when to collect WiFi signals from the victim, in order to capture the exact moment when the target enters a PIN or password.
The attacker can achieve this by using the access over the WiFi access point to sniff the user’s traffic and detect when he’s accessing pages with authentication forms.”
Having read to this point, you may be thinking that this kind of attack sounds quite unrealistic but you see the first step is to have access to your Wi-Fi network. Right now, over 60 percent of all available Wi-Fi networks are vulnerable and in fact it takes a low level hacker to successfully gain access to your network (home or enterprise). That’s why this is so important and with WindTalker netting a 68.3 percent accuracy ion average, you can do the math to see just how potent this threat is.
Another reason you shouldn’t see this as futuristic or even unrealistic is because it relies on a basic radio signal property called CSI (Channel State Information) which gives us information about the signal property from transmission to reception (i.e. from transmitter to receiver). So with the right tools, one is able to estimate the how much a signal has faded, how much is scattered due to multipath effects, eventual distance traveled, amount of power needed to transmit and receive a signal among others. Each time you send and receive messages and files over Wi-Fi or any related technology for that matter, signals are transmitted from your phone and vice versa.
Using the right signal processing tools to estimate the properties mentioned above, “separate desired portions of the CSI signal and guess with an average accuracy of 68.3% the characters a user has typed.”
As with many online threats, WindTalker is also dynamic and improves its accuracy which means the more a user types and swipe across their smartphone screen, the more data can be collected by the attacker.
Researchers have detailed more on WindTalker in a paper titled “When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals.”
Image: Trick Discovery