Researchers have decoded Wi-Fi signals to extract keystrokes for password theft.

Scientists from Singapore and China have unveiled a novel method for harvesting keystrokes and pilfering passwords from Wi-Fi-connected mobile devices on public networks, all without any hardware tampering. 

This technique relies on the transmission of unencrypted beamforming feedback information (BFI) inherent in Wi-Fi traffic, posing a significant security risk.

Beamforming, designed to enhance network connectivity by directing radio waves toward specific devices, was standardised in Wi-Fi 802.11ac, inadvertently exposing BFI data on open networks. 

Public Wi-Fi networks, such as those found in cafes, shopping malls, or airports, become vulnerable due to this exposure.

However, this technique assumes that the target of the surveillance is not transmitting sensitive information like passwords in plaintext over the network. 

To protect against this type of attack, it is essential to use HTTPS/TLS or a VPN when using public Wi-Fi.

The researchers developed a method named "WiKI-Eve" (Wi-Fi Keystroke Inference - Eve) to eavesdrop on keystrokes without resorting to hacking. 

They leverage BFI, which is transmitted in cleartext from a smartphone to an access point and can be intercepted by any Wi-Fi device in monitor mode.

By recording BFIs when a user, known as Bob, types their password, a nearby eavesdropper, called Eve, gathers a time series of BFI samples. 

These samples are then correlated with the typed password using a deep-learning model.

In their experiments, the researchers achieved an 88.9 per cent accuracy in inferring individual keystrokes and up to 65.8 per cent accuracy in stealing passwords from mobile applications, such as WeChat.

While this technique is intriguing, its practicality for real-world attacks remains questionable. Other side-channel attacks to obtain Wi-Fi passwords exist but face limitations. 

WiKI-Eve primarily focuses on numeric passwords due to the simplicity of deciphering them from BFI signals.

To safeguard against such attacks, encrypting data traffic, especially on password-protected Wi-Fi networks, is the most direct defence strategy. 

Public networks should be used with caution, as this research underscores the potential vulnerabilities they pose.

More details are accessible here.