Thanks to this ability to triangulate a target using radio signals, Wi-Fi has previously been proven by MIT to work as ‘X-ray vision’, sensing and tracking a person’s exact position through a wall.
Tracking how your fingers move on a smartphone screen
So when you swipe your Android smartphone lock-screen pattern, or enter a PIN or a password in an app, your finger movements alter the radio signal and are imprinted into it. If hackers were controlling a public Wi-Fi access point that your device is connected to, they could then reverse-engineer the signal to figure out what sensitive data you may have typed into your phone.
The researchers set up a malicious public Wi-Fi access point consisting of $20 (£16) antennas, the attacker’s laptop and a $5 Intel networking card in a café. The setup was located a metre away from a target sitting at a table with a smartphone.
Once the user connected to the free Wi-Fi, the WindTalker system was able to extract sensitive data by analysing the radio signals and processing them to separate out the parts it needed.
WindTalker was able to spy on and detect the six-digit passwords commonly used by banks and payment apps with an accuracy rate of 68.3%, which quickly rose to 81.7% once the researchers provided their system with enough training examples for specific smartphone models.
The study, entitled When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals, is published in the Association for Computing Machinery’s Proceedings of the 2016 ACM Conference on Computer and Communications Security, which was held in Vienna, Austria, from 24-28 October.