Sign In

Communications of the ACM

ACM TechNews

Cybercriminals Can Steal All Your Passwords From Thin Air With This $25 Wi-Fi Hack

Ordering tickets via a smartphone is not that secure.

Researchers have worked out how to steal your passwords, PINs, and pattern-lock swipes by analyzing Wi-Fi signals to see how your fingers move on a smartphone screen.

Credit: iStock

Researchers from the University of Massachusetts Boston, the University of South Florida, and China's Shanghai Jaio Tong University have developed WindTalker, a system that can analyze Wi-Fi networks and covertly detect and record passwords by looking at the directions radio waves travel to provide wireless Internet coverage.

The antennas of modern Internet routers make small changes to strengthen radio signals going in some directions, while signals going in other directions are canceled out. Since the routers are designed to detect and manage very small changes to the signals to ensure that devices are always receiving the highest-quality signal, this technology can be exploited to track a user's hand as it swipes and types.

The researchers deployed a malicious public Wi-Fi access point using $20 antennas, the attacker's laptop, and a $5 networking card. The setup was one meter from a target sitting at a table with a smartphone. After the user connected to the free Wi-Fi, WindTalker extracted sensitive data by analyzing and processing the radio signals to separate the parts of the signal it needed.

The researchers found WindTalker accurately monitored and detected passwords commonly used by banks and payment apps with 81.7% accuracy.

From International Business Times (United Kingdom)
View Full Article


Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA


No entries found