WiKI-Eve Attack: 90% chance of finding out what you typed on your smartphone

Millions of lovers of numeric passwords are at risk.

Researchers from China and Singapore have discovered a new method of attacking smartphones connected to modern Wi-Fi routers. The attack, dubbed "WiKI-Eve", allows an eavesdropper to intercept cleartext transmissions and infer numeric keystrokes with up to 90% accuracy. This means that numeric passwords can be easily stolen.

The attack uses BFI (Beamforming Feedback Information), a feature introduced in 2013 with the release of Wi-Fi 5 (802.11ac). BFI allows devices to send feedback about their location to routers so that they can more accurately direct their signal. The problem is that this information is transmitted in clear text, which allows it to be intercepted and used without compromising the hardware or cracking an encryption key.

WiKI-Eve attack scheme

First, the attacker must determine the MAC address of the target device. This can be done by monitoring network traffic and correlating it with user behavior. After that, while the victim is actively using the smartphone, the attacker intercepts the BFI time series using monitoring tools such as Wireshark.

Each keystroke on your smartphone affects the Wi-Fi antennas, which creates unique signal changes. The researchers developed a specialized algorithm and used machine learning to analyze this data and determine the keys pressed.

Experiments have shown that the WiKI-Eve attack can detect six-digit numeric passwords with 85% accuracy in less than 100 attempts. However, the effectiveness of the attack decreases as the distance between the attacker and the access point increases: by 23% when the distance increases from 1 to 10 meters.

The study calls into question the security of millions of users. According to NordPass, 16 of the 20 most popular passwords consist only of numbers. Experts strongly recommend using complex passwords and two-factor authentication (2FA).

As long-term security measures, various methods are considered: data encryption, signal obfuscation, key swapping on the on-screen keyboard, and others. Hardware manufacturers and software developers need to take urgent measures to improve security.
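One of the measures listed above, key swapping on the on-screen keyboard, sketched as an added example (not code from the researchers or from any vendor). It assumes "key swapping" means drawing a freshly shuffled PIN pad for every entry; the function names and the 3-column grid are hypothetical. The point it shows: the same PIN produces a different sequence of touch positions each session, so an observer who learns positions but not the layout does not learn the digits.

```python
import secrets

DIGITS = "0123456789"
COLS = 3  # assumed grid: three keys per row, the tenth key alone on the last row

def new_layout(rng=None):
    """Return a fresh keypad: list index = key slot on screen, value = digit shown."""
    rng = rng or secrets.SystemRandom()  # OS CSPRNG, not the seedable `random` default
    keys = list(DIGITS)
    rng.shuffle(keys)
    return keys

def slot_to_cell(slot):
    """Grid coordinate (row, col) of a key slot."""
    return divmod(slot, COLS)

def touch_path(pin, layout):
    """Cells the finger visits when typing `pin` on `layout`."""
    if not pin or any(ch not in DIGITS for ch in pin):
        raise ValueError("PIN must be a non-empty string of digits")
    return [slot_to_cell(layout.index(ch)) for ch in pin]

def decode(path, layout):
    """Device side: map touched cells back to digits using its own layout."""
    return "".join(layout[row * COLS + col] for row, col in path)

def distinct_paths(pin, sessions):
    """Number of different touch paths one PIN yields over `sessions` fresh layouts."""
    return len({tuple(touch_path(pin, new_layout())) for _ in range(sessions)})

if __name__ == "__main__":
    pin = "123456"               # constructed sample PIN
    fixed = list("1234567890")   # conventional, never-changing layout
    print("fixed layout path:   ", touch_path(pin, fixed))
    for _ in range(3):
        layout = new_layout()
        path = touch_path(pin, layout)
        print("shuffled layout path:", path, "->", decode(path, layout))
    print("distinct paths in 200 sessions:", distinct_paths(pin, 200))
```
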

The WiKI-Eve attack is a major challenge for the entire information security industry. WiKI-Eve demonstrates how relatively simple machine learning tools and techniques can be used to steal sensitive information. This requires immediate attention and adjustment of security strategies at all levels, from individual users to large organizations.
 