Several security researchers have uncovered a serious new Wi-Fi attack known as WindTalker that can be used against public networks. Continue reading our article for more information about it.
The WindTalker Wi-Fi Attack Can Be Harmful To Many
Seven computer researchers have discovered a new public Wi-Fi attack known as WindTalker.
The team of scientists consisted of five from the Shanghai Jiao Tong University in China and two from the University of Massachusetts at Boston and the University of South Florida in Tampa. The vulnerability potentially allows malicious operators to read the keystrokes of connected users based on their finger position.
The details are given in a thorough research paper in which the scientists describe their findings. The public Wi-Fi attack is motivated by the observation that keystrokes on mobile devices lead to different hand coverage and distinctive finger motions. These introduce a unique interference in the multi-path signals, which is reflected in the channel state information (CSI). When the target is connected to a public Wi-Fi network, attackers can exploit this by collecting the target's CSI data and analyzing the stream.
The WindTalker attack does not hack the network or compromise any of the target devices. It merely uses the Wi-Fi network to collect the CSI data, from which it can perform keystroke inference. The mechanism can be integrated into an application that can run without notifying the user.
An example attack was carried out against Alipay, which is one of the largest mobile payment solutions in the world. The demonstration shows how password inference can be deployed and how the remote attacker can recover various sensitive data with a very high success rate.
The researchers built the attacking device from off-the-shelf hardware: a commercially available laptop running the GNU/Linux distribution Ubuntu 14.04 LTS with a modified Intel driver which allows for CSI collection. The team used ICMP echo and reply messages to achieve a sampling rate of 800 packets per second.
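A sustained stream of ICMP echo requests at hundreds of packets per second is far above ordinary ping rates, so a client that can inspect its own inbound ICMP traffic can watch for it. The following Python detector is an added example, not code from the paper or its authors; the record layout, the 100 packets-per-second threshold and the sample addresses are assumptions.

```python
from collections import defaultdict, deque

ICMP_ECHO_REQUEST = 8        # ICMP type number for an echo request
WINDOW_US = 1_000_000        # sliding window of one second, in microseconds
THRESHOLD = 100              # assumed alert level; ordinary ping sends about 1 packet/s


def find_echo_bursts(packets, threshold=THRESHOLD, window_us=WINDOW_US):
    """Return {source: peak echo requests per window} for sources at or above threshold.

    packets: iterable of (timestamp_us, source_ip, icmp_type), sorted by time.
    """
    recent = defaultdict(deque)   # source -> timestamps still inside the window
    peaks = {}
    for ts, src, icmp_type in packets:
        if icmp_type != ICMP_ECHO_REQUEST:
            continue              # replies and other ICMP types are not counted
        q = recent[src]
        q.append(ts)
        # Discard timestamps that have slid out of the one-second window.
        while ts - q[0] >= window_us:
            q.popleft()
        if len(q) >= threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks


def build_sample():
    """Constructed capture as seen by the client (not real traffic)."""
    packets = []
    # Hotspot gateway sending 800 echo requests per second for two seconds
    # (one packet every 1250 microseconds), the rate quoted in the article.
    packets += [(i * 1250, "192.0.2.1", 8) for i in range(1600)]
    # An unrelated host pinging once per second.
    packets += [(i * 1_000_000, "192.0.2.50", 8) for i in range(3)]
    # Echo replies (type 0) from the gateway, which must be ignored.
    packets += [(i * 1250, "192.0.2.1", 0) for i in range(1600)]
    return sorted(packets)


if __name__ == "__main__":
    for src, peak in find_echo_bursts(build_sample()).items():
        print(f"{src}: up to {peak} ICMP echo requests in one second")
```
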
The paper also discusses several defense strategies that can be used to prevent CSI data collection:
- Users should not connect to public Wi-Fi networks as they might be operated by malicious users.
- Obfuscation of CSI data by the user.
- Introducing randomized human behaviour patterns.
For more information, you can read the paper itself, titled “When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals”.