Smartphone WiFi Signals Can Leak Your Keystrokes, Passwords, and PINs (bleepingcomputer.com) 46
Bleeping Computer warns that "The way users move fingers across a phone's touchscreen alters the WiFi signals transmitted by a mobile phone, causing interruptions that an attacker can intercept, analyze, and reverse engineer to accurately guess what the user has typed...when the attacker controls a rogue WiFi access point." The new WindTalker attack leverages the "channel state information" in WiFi signals. An anonymous reader quotes their article:
Because the user's finger moves across the smartphone when he types text, his hand alters CSI properties for the phone's outgoing WiFi signals, which the attacker can collect and log on the rogue access point... By performing basic signal analysis and signal processing, an attacker can separate desired portions of the CSI signal and guess with an average accuracy of 68.3% the characters a user has typed... but it can be improved the more the user types and the more data the attacker collects.
The new attack is described in a research paper titled "When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals."
The new attack is described in a research paper titled "When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals."
In that case I'll use a bluetooth keyboard instead (Score:2)
Re: (Score:2)
"The way users move fingers across a phone's touchscreen"
Type with thumbs!
Re: (Score:1)
Re: (Score:2)
Cyanogenmod (I think?) used to have a very clever fix for this. An option to scramble the positions of the numbers on your lockscreen so that 'finger movement' patterns would be meaningless. That helps with prying eyes watching you enter your pin too.
But I'm running CM 13 on my phone, and it doesn't seem to have that option anymore.
Not only WiFi (Score:5, Funny)
some smartphones (namely the Samsung Galaxy Note 7) can leak passwords through smoke signals.
Model M (Score:2)
Use a real keyboard or an emulation [github.com] and wifi won't be required. The side channel will be audio, easy to distinguish by an unaided human ear, from the next building.
The Whole System Is Insecure (Score:2)
Always has been. Always will be. Privacy should be put up for display in the Smithsonian along side dinosaurs and freedom.
Re: The Whole System Is Insecure (Score:2)
Because safes were perfectly secure? Privacy and anonymity are recent cultural developments along with urbanization. Prior to urbanization the entire local government knew you by name, they didn't need any fancy face recognition database. And everybody in town knew your address, your interests, your religion, all of it.
Why does attacker need to control an access point? (Score:5, Interesting)
Why? It would seem, the technique can be used with a perfectly passive radio-receiver, which would not be (mis)taken for an access point at all.
BTW, are you covering your mouth, when you talk outside? Your words can be deciphered from far away by a lip-reading expert [google.com] (or software). Supposedly, only 30-40% of English language can be "read" over the speaker's lips alone [signlanguagenyc.com]. That may be true for human lip-readers, but there is software, that claims 93.4% success rate [telegraph.co.uk]. The attack described in TFA has only 68% accuracy... For now...
Re: (Score:1)
So, it's pretty easy to wreck a nice beach these days, huh?
Really? (Score:3)
Re: (Score:2)
That sounds like... (Score:2)
Re: (Score:2)
Re: (Score:2)
It's really just a $5 investment [xkcd.com]...
I'm going back to using (Score:2)
punched Holerith cards .... although someone will probably find a way to work out what they contain by looking at the chads ...
JFC (Score:4, Informative)
People should assume that nothing is secure at this point. If you have an advanced device, someone will be able to spy on you.
Starting to wonder if the smartphone (advanced operating system, application ecosystem, sensors out the wazoo) are basically a net loss for society, even before you get to the actual cultural effects of mass, constant, information/internet use.
Re: (Score:1)
We don't have to give up on privacy or security. In fact, that advanced device in our pocket could greatly improve our privacy and security, which could protect or replace the items we already carry in your wallet or purse.
The demand for smartphone features allows companies to design products which actively violate security and privacy because there is no alternative to obtain those features. Perhaps there is no perfectly secure device, but the smartphone is intentionally designed to NOT achieve it.
Re: (Score:2)
In fact, that advanced device in our pocket could greatly improve our privacy and security
How could it "greatly improve privacy and security" over, say, life in 1998? -- with the sole exception of a better voice call GSM/CDMA encryption algorithm.
CSI? (Score:5, Informative)
CSI is Channel State Information, in case you were wondering, since the editors don't do their jobs.
Re: (Score:1)
I offer you a deep heart felt, "Thank you."
Re: (Score:2)
CSI is Channel State Information, in case you were wondering, since the editors don't do their jobs.
That's what CSI stands for? No wonder i could never get into that TV show.
Password managers like Lastpass (Score:1)
Yes, I think (Score:1)
No pro blame (Score:2)
I use Siri to duct tape my massages.
AI-Proof Security (Score:1)
Smartphone WiFi Signals Can Leak . . . (Score:1)
ANY electronic communication device has variations in it's internal electronic / emission-producing process of generating an output, which are device-specific - - - but still decode-able with the proper software / tools / information.
If you generate a data stream, the hardware produces variations which are emitted by the electronic circuits, and those variations can be intercepted and decoded with sufficient information about the generating equipment. This electronic 'leakage' cannot be dealt with unless y
Just a TEMPEST... (Score:2)
I'm astonished. That's possible?? (Score:2)