Your body reveals your password by interfering with Wi-Fi

Modern Wi-Fi doesn't just give you fast browsing, it also imprints some of your finger movements – swipes, passwords and PINs – onto the radio signal. A group of researchers from the Shanghai Jiao Tong University, the University of Massachusetts at Boston, and the University of South Florida have demonstrated that analysing …

  1. Anonymous Coward

    I'm not saying this is BS...

    ...but I'd want to hear a lot more about the specific setup and geometry they were using before assuming it isn't.

    1. bazza Silver badge

      Re: I'm not saying this is BS...

      Speaking as an RF engineer, it sounds perfectly plausible to me. Though I suspect they need the phone to be relatively still for it to work.

      Another way to defeat it is to not use public WiFi.

    2. jake Silver badge

      Re: I'm not saying this is BS...

      Not BS, but not a problem, either. Lab only, near as I can tell. Too much signal variation in the wild for these kinds of measurements. Gut feeling; I'm prepared to be shown to be incorrect.

    3. a_yank_lurker

      Re: I'm not saying this is BS...

      Not BS, but likely to be a minor security problem in the wild compared to other issues with WIFI. I would not be surprised that effective range for this attack is relatively short. Also, it may be easily defeated by various measures that could be implemented.

    4. Voland's right hand Silver badge
      Devil

      Re: I'm not saying this is BS...

      800 packets per second - that is fairly high pps. It looks like flooding the channel (more or less).

      1. I do not see why they are using ICMP - that is daft - the target may notice. They just need to flood the airwaves with something - if they are in control of the AP they can encode it to another client key (even a non-existent one) and just shovel it out to get the relevant flood rate.

      2. 800pps depending on packet sizes (what are they trying does not become clear from the article) looks like flooding the channel.

      The attack looks plausible though - a MIMO with some good software is almost like a phased array radar :)

      1. Anonymous Coward

        Re: beamforming

        "a MIMO with some good software is almost like a phased array radar :)"

        Indeed, though the MIMO's a bit cheaper.

        At least one cellular base station vendor was looking at using the same kind of phase-variation beam-forming techniques a couple of decades ago. Then the parent company went TITSUP and I don't know if it ever came to fruition.

        Meanwhile the overall group's pensioners (tens of thousands of them in the UK - rather more than the twenty thousand or so affected by the BHS pension fiasco) still don't know whether their promised pensions will ever come to fruition, but the paperpushers involved have paid themselves a couple of billion dollars in the meantime.

        E.g.

        http://pwc.blogs.com/press_room/2016/10/nortel-pension-scheme-settlement-announced.html

        (except it's not really announced and confirmed yet, more paperpushing is required)

        http://www.forbes.com/sites/danielfisher/2016/04/05/nortel-bankruptcy-fees-approach-2-billion-as-court-hears-arguments-over-assets/#26b409f1e055

    5. Doctor_Wibble

      Re: I'm not saying this is BS...

      Easy, just get corroboration from CERN who will be able to tell you how hard each key was pressed and presumably also whether the table has a wobbly leg, as they seem to have inadvertently built a new type of seismometer.

  2. Chloe Cresswell Silver badge

    Randomised keypads

    That's a lovely idea for me. I'm dyslexic and only remember numbers by patterns.

    Changing the layout would effectively lock me out completely.

    I have enough problems when I have to use a number I have worked out on a PC keypad on a phone as it is :(

    1. david 12 Silver badge

      Re: Randomised keypads

      This is a brilliant idea! Randomize the keyboard and use a position-sensitive authentication instead!

      Using position-sensitive authentication with a randomized keyboard, the ascii values will be different for every keyboard you use, thus feeding random values to keyloggers (and over-the-shoulder snoopers).

      I don't know why we didn't think of this before.

    2. Known Hero
      FAIL

      Re: Randomised keypads

      Sooo what you're saying is as my kid is also severely dyslexic, I better stop reading and writing, it might be considered unfair on him.

      Also remember if you see somebody in a wheelchair lie down and shuffle about to get where you're going..........

      It would only be unfair on you if it was the only option available and you were forced to use it.

    3. TheProf

      Re: Randomised keypads

      @Chloe Cresswell

      How would you fare if the numbers were to be replaced with icons? Instead of 1,2,3,4, your 'password' could be 'smiley', 'rabbit', 'hat', 'football'. Or maybe 'up-arrow', 'asterisk', 'backslash', 'plus-sign'?

  3. Pompous Git Silver badge

    "Changing the layout would effectively lock me out completely."
    Blind people too so probably illegal. Dunno about immoral and fattening...

    1. This post has been deleted by its author

  4. Pompous Git Silver badge

    It would be interesting...

    ... to know why I'm downvoted for advocating web accessibility. Australia at least has the Disability Discrimination Act 1992 and the UN Convention on the Rights of Persons with Disabilities states that, “… information intended for the general public to persons with disabilities in accessible formats and technologies appropriate to different kinds of disabilities in a timely manner and without additional cost”.

    The convention also urges, “…private entities that provide services to the general public, including through the internet, to provide information and services in accessible and usable formats for persons with disabilities.”

    Quite why some web designers have a hate-on for the less abled escapes me.

    1. Phil Kingston

      Re: It would be interesting...

      I'm not sure the quoted text is the best way of expressing the point. To me, those bits are open to quite a lot of interpretation.

      I'm all for equal access, but if it's a choice between, for example, a static on-screen keyboard providing less secure access for all, or a randomized on-screen keyboard that adds additional security for 99% of customers but requires the setup/running of a telephone service (thereby meeting those Act quotes) then I'm not sure which side I'd fall.

      1. Pompous Git Silver badge

        Re: It would be interesting...

        I imagine the number of people affected by this vuln is going to be quite small. In return the "cure" would affect 100% of the visually impaired. In fact the cure is actively deceptive, so adding insult to injury as it were. I seem to remember ever so many of us commentards being angry that MS decided the red button with an X on it was equivalent to the OK button.

      2. Preston Munchensonton

        Re: It would be interesting...

        "I'm all for equal access, but if it's a choice between, for example, a static on-screen keyboard providing less secure access for all, or a randomized on-screen keyboard that adds additional security for 99% of customers but requires the setup/running of a telephone service (thereby meeting those Act quotes) then I'm not sure which side I'd fall."

        I'm not for equal access, at all. In fact, fuck equal access. I want it how I want it. Of course, the same goes for everyone else, as each of us has our own preferences, tastes, and values. This is why it's not really about equal access, but consumer choice. If enough people want voice control, then someone will figure out a way to meet that demand. If enough people only want the interface to consist of wrinkly butt cheeks, someone will figure out how to make that work. It's the producer incentives and consumer demands that are important, not equality.

        P.S. Please, for the love of all things holy, do NOT produce a phone interface consisting of wrinkly butt cheeks.

        1. Preston Munchensonton
          WTF?

          Re: It would be interesting...

          It's also impressive that every time I post something that others find objectionable, I find my global downvote total rising. Glad to see that most of us aren't such massive, immature douchebags. I really don't care about downvotes, but who really gets their kicks from downvoting posts from months ago? Pfft.

    2. PNGuinn
      Mushroom

      Re: It would be interesting...

      "Quite why some web designers have a hate-on for the less abled escapes me."

      Quite why some web designers have a hate-on for everyone who has the misfortune to have to use their fugly clunky state-of-the art adslinging crap infested cutting edge pos websites ....

      There - FIFY.

  5. Steve Davies 3 Silver badge
    WTF?

    In the average Starbucks

    where all the hipsters are typing away on their precious iDevices, I would guess that the sheer number of key presses would make any analysis of what any one of them is doing almost impossible.

    (not that they would ever be doing anything important)

    Who'd a thought that Apple users would get safety in numbers. Clearly the WTF moment for this Monday morning.

    1. Pompous Git Silver badge

      Re: In the average Starbucks

      "where all the hipsters are typing away on their precious iDevices, I would guess"
      you only need to decipher one and you've got the lot. They wouldn't dare deviate from what everyone else is doing...

  6. Anonymous Coward

    Beware also....

    Silent drones with long range camera lenses pointing at your screen

    Hypnotism to extract your password

    Sensors implanted in your arms capturing tendon movements to map out your finger placements remotely

    Hijacking your visual cortex with an implant to convert optical signals into radio waves

    Above are about the same level of real world risk.

    I'd be more worried about the ease with which malware makes it onto your phone and the amount of telemetry Android and IOS shares with their creators and the spooks.

    1. Olius

      Re: Beware also....

      And where do you stand on worms which can exploit holes in home wifi routers to keylog a whole house and send the results back to their CnC server?

      In fact, where do you stand on extrapolation in general?

      1. Olius

        Re: Beware also....

        Haha - awesome. Two thumbs down from people who find it hard to connect "This exploit has just been discovered" with "Oh shit, a hacking group has commoditised the exploit, unleashed it on every IoT device and are hiring it out to any kiddie scripter that can pay"

        ...which are two of the most often written articles on the Register...

  7. monty75

    It'll confuse the hell out of them when I'm playing my Theremin.

  8. Dieter Haussmann

    I think you would have to start with the phone perfectly aligned and clamped in a jig.

    1. JeffyPoooh
      Pint

      "...phone perfectly aligned and clamped in a jig..."

      You're describing how they test a phone's SAR "...for RF safety...". If the phone under test moves even a mm, the reported results can change dramatically. So they carefully align the phone under test in a precisely aligned jig. Thus indicating that the entire SAR test concept is randomized rubbish. But those involved are too thick to realize.

      They also reportedly achieve far sub-wavelength hotspots (in the test head), a result worthy of a Nobel Prize. Semiconductor manufacturers would love such focusing technology.

  9. JeffyPoooh
    Pint

    "small phase differences"

    "...MIMO uses the small phase differences between antennas to reinforce signals..."

    I'm not sure that I agree with your use of the word 'small'.

  10. Anonymous Coward

    TEMPEST ?

    Anyone remember that ?

  11. Anonymous Coward

    Out of interest

    Do you still get phones using their headsets as an extra antenna to improve reception? I confess I stopped paying attention long ago.

    If so, surely that would confuse this?

    1. Charles 9

      Re: Out of interest

      Usually that's for the radio. That's why devices that support FM Radio don't work without a headphone plugged in, even if you're sending the sound via Bluetooth.

  12. Korev Silver badge
    1. Charles 9

      Re: Obligatory

      But what if the objective is to get the password without the user knowing you're doing it, since that alone can trip alarms you don't want tripped?

  13. Colin Miller

    Windtalker?

    Windtalkers was the name given to the US Army's Native Americans who were used as radio operators in WWII. Their Navaho (I think that was the main language used) was totally impenetrable to anyone (ie Japanese and German) who might be listening in.

  14. waldo kitty
    Boffin

    Continuum

    has no one seen the (granted) fictional TV series Continuum? in at least one episode they used mapping of radio waves (cellular IIRC) to be able to look inside a building and even to go back and see what had happened previously... this idea came from somewhere... like the Dick Tracy comics with their communication watches (hello apple watch)...

    the show came out in 2012 and stars the (beautiful) Rachel Nichols as an enforcement officer in 2077 that gets thrown back in time when some criminals escape using an experimental device...

    http://www.imdb.com/title/tt1954347/

  15. Anonymous Coward

    "given enough training samples" = we need the user and his phone to sit in the exact configuration we want to snoop out for half an hour and continuously repeat the key press patterns we are feeding him

    yea absolute BS

  16. paapicholoo

    The IP Bill

    Not only in Public WiFi but since The Investigatory Powers Bill has been passed by both Houses of Parliament. Once it receives Royal Assent it will become law, we really need to worry about privacy. I think it's time to get encrypted with a VPN, maybe PureVPN or Ivacy will be the best
