Wi-Fi signal analysis leaves private data exposed

Three research teams from universities in the US and China have developed a system which can successfully subvert smartphone security by using malicious Wi-Fi networks to detect the inputs which are being made on modern devices, according to the Register.

The ingenious technique involves analysing the signals emitted by a MIMO (multiple input multiple output) router and using the differences in the radio waves received by the antennas of a router to establish the way a mobile user’s fingers are moving across their handset’s display.

With adequate sampling, researchers have demonstrated that it is possible to steal passwords which are entered into connected smartphones, making it possible for third parties to gain access with greater ease.

The accuracy of this system is said to be almost 82%, although it is only possible to use in conjunction with modern multi-antenna routers, rather than more basic single antenna setups.

The movement of a hand towards and away from the screen results in differing levels of interference with the signal, the paper’s authors point out. Furthermore, it is not necessary to hack into the target device for this to be achieved; it is merely necessary for the user to be in range of a compromised Wi-Fi network.

It is the channel state information (CSI) which is analysed to determine which parts of the display are being accessed and thus which numbers or letters are being inputted by the user as they unlock their phone or log into an account.

The router used in the trials set up by the teams from the Universities of South Florida, Massachusetts and Shanghai was given the added benefit of antennas with a higher sensitivity to CSI fluctuations. Researchers also developed software called WindTalker specifically to study this data and interpret it as necessary.

This could pose a big problem for smartphone security as a whole, especially when it comes to services providing secure login capabilities to customers on mobile platforms. The authors of the paper suggest that the best way around this is to ensure that the numbers and letters on keyboards used to enter login details are not in fixed positions but are arranged randomly, to prevent data from being stolen using their methodology.

This will make entering passwords and PIN codes a less intuitive process, but should boost security and eliminate this particular vulnerability. It is not clear whether there is a technical way of preventing keystrokes from being broadcast in this way, but router makers and smartphone firms may look into this issue now that it has been brought into the spotlight.
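The randomised key layout suggested by the paper's authors can be sketched as follows. This is an added example, not code from the paper or from WindTalker. The function names and the PIN are constructed for illustration, and the observer is assumed, as a simplification, to learn exactly which key slot was touched.

```python
import secrets

# The ten key slots of a 4x3 PIN pad as (row, column); bottom corners are unused.
SLOTS = [(r, c) for r in range(3) for c in range(3)] + [(3, 1)]
FIXED = dict(zip(SLOTS, "1234567890"))  # conventional fixed layout

def random_layout():
    """Return a fresh slot -> digit mapping (Fisher-Yates shuffle driven by a CSPRNG)."""
    digits = list("0123456789")
    for i in range(len(digits) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        digits[i], digits[j] = digits[j], digits[i]
    return dict(zip(SLOTS, digits))

def touches_for(pin, layout):
    """Slots the user has to touch to enter `pin` on `layout`."""
    slot_of = {digit: slot for slot, digit in layout.items()}
    return [slot_of[d] for d in pin]

def decode(touches, layout):
    """Digits the device registers for a sequence of touched slots."""
    return "".join(layout[s] for s in touches)

def observer_guess(touches):
    """Digits inferred from touch positions alone, assuming the fixed layout."""
    return decode(touches, FIXED)

if __name__ == "__main__":
    pin = "4821"  # constructed sample PIN
    print("fixed layout, observer infers:", observer_guess(touches_for(pin, FIXED)))
    for session in range(3):
        layout = random_layout()  # new layout for every PIN entry
        touches = touches_for(pin, layout)
        print(f"session {session}: device reads {decode(touches, layout)},",
              f"observer infers {observer_guess(touches)}")
```

The layout has to be regenerated for every entry. A shuffle that is reused across sessions simply becomes a new fixed layout that can be learned over time.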

Business mobile users are generally advised to steer clear of unsecured wireless hotspots, since it is easy to set up malicious networks in public spaces and dupe innocent users into connecting. Having an understanding of these risks gives everyone a better chance of avoiding exploitation and data theft.

However, since this new technique does not rely on a direct connection to be successful, attacks can be launched far more subtly and without users even knowing that their interactions with a touchscreen device are being monitored remotely.

The fact that academics have developed this technology and published the details of how breaches might be achieved using it is reassuring, since it means that preventative action can now be taken. The alternative would be the clandestine development of the software and hardware by groups willing to use it for malicious reasons, in which instance such activities might not be detected for some time and millions of smartphone users could be exposed to the threats indefinitely.