Visible to the public When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals

TitleWhen CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals
Publication TypeConference Paper
Year of Publication2016
AuthorsLi, Mengyuan, Meng, Yan, Liu, Junyi, Zhu, Haojin, Liang, Xiaohui, Liu, Yao, Ruan, Na
Conference NameProceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4139-4
Keywordschannel state information, composability, Digital signal processing, keystroke analysis, Metrics, online payment, password inference, privacy, pubcrawl, Resiliency, signal processing security, Traffic analysis, wireless security
Abstract

In this study, we present WindTalker, a novel and practical keystroke inference framework that allows an attacker to infer the sensitive keystrokes on a mobile device through WiFi-based side-channel information. WindTalker is motivated from the observation that keystrokes on mobile devices will lead to different hand coverage and the finger motions, which will introduce a unique interference to the multi-path signals and can be reflected by the channel state information (CSI). The adversary can exploit the strong correlation between the CSI fluctuation and the keystrokes to infer the user's number input. WindTalker presents a novel approach to collect the target's CSI data by deploying a public WiFi hotspot. Compared with the previous keystroke inference approach, WindTalker neither deploys external devices close to the target device nor compromises the target device. Instead, it utilizes the public WiFi to collect user's CSI data, which is easy-to-deploy and difficult-to-detect. In addition, it jointly analyzes the traffic and the CSI to launch the keystroke inference only for the sensitive period where password entering occurs. WindTalker can be launched without the requirement of visually seeing the smart phone user's input process, backside motion, or installing any malware on the tablet. We implemented Windtalker on several mobile phones and performed a detailed case study to evaluate the practicality of the password inference towards Alipay, the largest mobile payment platform in the world. The evaluation results show that the attacker can recover the key with a high successful rate.

URLhttp://doi.acm.org/10.1145/2976749.2978397
DOI10.1145/2976749.2978397
Citation Keyli_when_2016