• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • April 13th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Technology News
Android

WindTalker Attack Leaks User Data Using Smartphone’s WiFi Signals

November 16th, 2016 Waqas Android, Security 0 comments
WindTalker Attack Leaks User Data Using Smartphone’s WiFi Signals
Share on FacebookShare on Twitter
Researchers have identified an attack known as WindTalker that leaks password, PINs and keystrokes using your smartphone’s WiFi signals.

In a combined research conducted by researchers from Shanghai Jiao Tong University, the University of Massachusetts at Boston and University of South Florida, it has been identified that our smartphones’ Wi-Fi signals can expose critically important private data including passwords, PINs and keystrokes due to a critical vulnerability.

Also Read: A USB device can steal login credentials even if the PC is locked

The research is titled: “When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via Wi-Fi Signals” while the attack has been labeled as WindTalker. 

The research was covered by Bleeping Computer who noted that it happens because of the way “users move fingers across a phone’s touchscreen.” Researchers have explained that this movement “alters the WiFi signals transmitted by a mobile phone, causing interruptions that an attacker can intercept, analyze, and reverse engineer to accurately guess what the user has typed on his phone or in password input fields.”

It is also revealed that WindTalker can work only if and when an attacker is able to gain control of a rogue Wi-Fi access point. That’s because it enables the attacker to collect WiFi signals’ instabilities.

The attacker can identify the exact same PIN or password entered by the victim by understanding when to collect WiFi signals from the target mobile phone. Along with this, full control over the WiFi access point is also important. To accomplish this task, the attacker must know the exact moment when a PIN or password is entered by the victim.

Controlling of WiFi access point can also help an attacker to monitor user’s traffic and discover the time when a user accesses pages that require authentication information. The WindTalker attacks are usually about 68.3% accurate; however, their accuracy level may vary with the model of the smartphones. The accuracy can be enhanced by continued monitoring of what the user types; the more data collected by the attacker, the higher will be the attack’s accuracy.

Also Read: Watch out for this USB Charger, it could be Keystroke Logger

All of this is made possible by leveraging CSI/Channel State Information, which is a part of the Wi-Fi protocol that provides general information about the Wi-Fi signal’s status. When the user uses the phone’s touch screen to type text, the hand movement modifies the CSI properties of the outgoing Wi-Fi signals of the phone. The attacks can easily accumulate the changes in CSI pattern and log on to the rogue access point.

It is also possible to isolate chosen portions of CSI signal. The attacker only needs to carry out a standard signal analysis and signal processing along with guessing the characters typed by the user.

Researchers also tested WindTalker’s successfulness in a real-life situation by attempting to recover the required transaction PIN user enters to verify Alipay mobile transactions. In a majority of cases, these PINs are sent to a fixed range of IP addresses. If the attacker is able to identify it accurately, then it will be possible to start the PIN Wi-Fi signal collection procedure.

WindTalker attack was demonstrated at the 23rd ACM Conference on Computer and Communications Security in October. The conference was held in Vienna, Austria.

[fullsquaread][/fullsquaread]

Also Read: Hackers show how to hack wireless keyboard from 250 feet away

[src src=”Via” url=”http://dl.acm.org/citation.cfm?id=2978397″]ACM[/src]

[src src=”Source” url=”http://www.bleepingcomputer.com/news/security/smartphone-wifi-signals-can-leak-your-keystrokes-passwords-and-pins/”]Bleeping Computer[/src]

[src src=”Image Via” url=”https://pixabay.com/en/phone-wlan-wifi-mobile-phone-call-1582893/”]PixaBay/Geralt[/src]

  • Tags
  • Cyber Attack
  • hacking
  • internet
  • Privacy
  • security
  • WIFI
Facebook Twitter LinkedIn Pinterest
Previous article PlayStation users: "Our accounts are being hacked"; Sony denies foul play
Next article Ransoc Desktop Locker Ransomware Scans Social Media Profiles for Exploitation
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
Researcher release PoC exploit for 0-day in Chrome, Edge, Brave, Opera

Researcher release PoC exploit for 0-day in Chrome, Edge, Brave, Opera

6-year-old Moodle flaw exposed millions to account takeover attack

6-year-old Moodle flaw exposed millions to account takeover attack

Scraped data of 1.3 million Clubhouse users published online

Scraped data of 1.3 million Clubhouse users published online

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Researcher release PoC exploit for 0-day in Chrome, Edge, Brave, Opera
Security

Researcher release PoC exploit for 0-day in Chrome, Edge, Brave, Opera

ShinyHunters dump partial database of broker firm Upstox
Hacking News

ShinyHunters dump partial database of broker firm Upstox

6-year-old Moodle flaw exposed millions to account takeover attack
Security

6-year-old Moodle flaw exposed millions to account takeover attack

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us