So, this is a fancier version of what is achieved by using a microphone to listen to the noise of your target's keyboard, and using the differing keysounds to infer the keys pressed. I've got to say, I'm impressed.
How to snoop on passwords with this one weird trick (involving public Wi-Fi signals)
Some smart cookies at institutions in China and Singapore have devised a technique for reading keystrokes and pilfering passwords or passcodes from Wi-Fi-connected mobile devices on public networks, without any hardware hacking. The technique is made possible thanks to beamforming feedback information (BFI), which consists of …
COMMENTS
-
Wednesday 13th September 2023 15:02 GMT Anonymous Coward
In one respect impressive, in another..... they've got an 85% chance of correctly getting your pass code if it's numeric and if you're on an unencrypted connection and if you're close enough to the AP and of course they've got to know that what you're typing is a pass code and not playing a game or typing a note or....
Or have I missed something?
-
Wednesday 13th September 2023 19:59 GMT DS999
Re: Famous last words
The definition of practical attack for some criminal trying to steal from people in an airport or Starbucks is different from that of the CIA, FSB, Mossad, whatever China's equivalent is called and so forth. It may be wildly impractical and unreliable, but if they can get it to work just once to help reveal some critical state secret of a foreign national it is still worth it to them.
-
Thursday 14th September 2023 08:33 GMT martinusher
Re: Famous last words
>but if they can get it to work just once to help reveal some critical state secret of a foreign national it is still worth it to them.
I suppose that officials are always sending a "critical state secret" using their smartphone over an unsecured WiFi connection? (Hint -- if someone was then the quality of the information would be doubtful at best)(Another hint -- "Pegasus")
-
Thursday 14th September 2023 22:22 GMT DS999
Re: Famous last words
You don't get the secret directly that way, but most intelligence isn't getting secrets directly. They gain scraps of information that can be leveraged to gain other scraps, and so forth. Maybe they communicate with someone with the code name of a double agent they are handling and it is someone your country really wants to stop because he's giving away all your secrets. Now you know that guy and the spy are linked so if you follow him long enough you find out who the double agent is and you can give him a polonium cocktail.
-
Wednesday 13th September 2023 13:22 GMT Graham Cobb
And most of the time, you don't actually type them in, you load them in from your keychain / password manager?
My first thought as well. If I am actually typing a password in an airport I am likely to be taking a lot more precautions. I will add "waving my phone about and moving around while doing it" to the list.
I guess that it does apply to the password for the password manager, though. Although that would require the hacker to then steal the phone as well in order to be able to use it.
-
Wednesday 13th September 2023 12:25 GMT IGotOut
So 85% accuracy..
.... probably in a very controlled and quiet lab.
Chuck in noise and different key layout (after all, an iPhone keypad layout is different to a Samsung, a Samsung different to Motorola, Motorola different to Huawei. Dave's Huawei different to Bob's Huawei... and on and on). Throw in typos, corrections and autocomplete.
Add all this in, you're going to be somewhere around 0%
-
Friday 15th September 2023 04:53 GMT PRR
Re: Just another reason not to use unencrypted wifi.
> ....unencrypted wifi services for customers. In your own home, of course, you can do whatever you want.
Yes, you'd think. And living way out in the woods with a big dog to announce/attack visitors, I prefer no login/encryption.
(yes, Jimmi could rig a Pringles-cantenna and eavesdrop, but no he can't-- I know my neighbors.)
In fact the off-brand (Sagemcom) WiFi that Spectrum gaveXXX rents me does not have any no-encrypt option.
-
Wednesday 13th September 2023 13:27 GMT Anonymous Coward
Mitigations
So it's detecting the movement of your finger to try to infer the password. Easy mitigations:
1. Use a password manager that's unlocked via fingerprint. At best, they can see what you typed into the search box to guess what you're trying to connect to.
2. Wave your finger around a bit more when entering passwords.
3. Don't use public wifi to connect to anything secure. Like we've been told for years.
-
Wednesday 13th September 2023 16:48 GMT Anonymous Coward
Security cameras
I don't type passwords in public places anyway, because I've always been worried the security cameras can see too much stuff.
I do let my phone browser store passwords. If someone physically steals the phone, I'm going to know, and I know how to get any important accounts locked out fast. I guess they could steal the phone and also incapacitate me, but if someone's prepared to go that far, I have bigger problems. So I believe the security risk of having the phone auto-fill the password is in practice lower than the security risk of having a security camera watch me type it in.