WiFi hotspots can be used to steal your passwords – this is a warning almost as old as public wireless hotspots are. However, there is a new theoretical attack vector that the growing number of public WiFi users should be aware of. Researchers from the Shanghai Jiao Tong University, University of Massachusetts at Boston, and the University of South Florida have published a paper called “When CSI Meets Public Data: Inferring Your Mobile Phone Passwords via Public WiFi Signals.” Using this tech, the researchers could more often than not guess, or infer, your password or PIN just by analyzing standard information reported to the network operator from your device’s WiFi chip.
The described method uses WiFi-based side-channel information to infer physical user activity based on how a user's movements affect the WiFi signal’s channel state information (CSI). By training a system to look at the differences in the CSI, researchers were able to infer passwords in a test group of ten users. WiFi signals can also be used to determine your location or perhaps identity within a wireless network’s range, even through walls. The CSI analysis could feasibly work on mobile thumb strokes as well as keystrokes to your laptop. Your passwords, or PINs, aren’t completely safe from your public WiFi hotspot operator.
WiFi isn’t the only privacy concern on your smartphone
The WiFi chip isn’t the only potentially tattling part of a smartphone, either. Side-channel password inference can even happen via the microphone, the radio antennae, the camera, and even the device’s other motion sensors. The researchers also noted that it is nearly impossible to detect if this attack is even ongoing, as all wireless networks collect and analyze this data. One solution that combats this type of CSI analysis, though, is to randomize the layout of keyboards or number pads so that the CSI cannot be correlated with user inputs for password inference. Alternatively, it’s possible that methods will arise that will allow users to introduce random noise into the data and throw off this type of analysis.
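The layout-randomization defense described above, sketched in Python as an added example (it is not code from the paper or from any real keypad implementation). It assumes a simplified model in which finger motion reveals only which key position was touched; the function names and the sample PIN are hypothetical.

```python
import secrets

DIGITS = "0123456789"
# OS-backed CSPRNG: the layout must not be predictable to an observer.
_rng = secrets.SystemRandom()

def new_layout():
    """Fresh pad layout: list index = on-screen key position, value = digit shown."""
    keys = list(DIGITS)
    _rng.shuffle(keys)
    return keys

def positions_for(pin, layout):
    """Key positions the finger visits to type `pin` (assumed to be all that
    a motion-based side channel can recover)."""
    return [layout.index(d) for d in pin]

def decode(positions, layout):
    """App side: map touched positions back to digits using the layout shown."""
    return "".join(layout[p] for p in positions)

def position_histogram(digit, trials=5000):
    """How often one digit lands at each position across fresh layouts."""
    counts = [0] * len(DIGITS)
    for _ in range(trials):
        counts[new_layout().index(digit)] += 1
    return counts

if __name__ == "__main__":
    pin = "4821"                 # constructed sample PIN
    static = list("1234567890")  # conventional fixed pad, for comparison
    print("static pad positions:", positions_for(pin, static),
          "(identical on every entry, so motion maps directly to digits)")
    for session in range(3):
        layout = new_layout()
        touched = positions_for(pin, layout)
        assert decode(touched, layout) == pin
        print(f"session {session}: layout={''.join(layout)} positions={touched}")
    # Roughly uniform counts: a position carries no information about the digit.
    print("positions of '4' over 5000 layouts:", position_histogram("4"))
```

The layout has to be regenerated for every entry; a pad shuffled once and then reused gives the observer a fixed mapping to learn again.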
It’s worth repeating that the researchers’ work is more of a proof of concept than a turn-key solution that works out of the box. Currently, the system requires a lot of training, but it is still strong theoretical proof that this process exists and is currently being refined. Needless to say, the future holds many challenges to our privacy.