Scientists from the Universities of Hunan and Fudan (China) and the Nanyang Technological University (Singapore) developed a way to read taps on the display of a smartphone connected to a Wi-Fi network by analyzing the radio signal. The attack is possible because of the insufficient security of the BFI (Beamforming Feedback Information) function.
BFI is a feedback mechanism that dates back to 2013, when the 802.11ac Wi-Fi standard was released. It involves client devices sending data about their location, allowing access points to direct a signal to them more accurately. The problem is that this data is transmitted unencrypted and can be intercepted without hacking the network or client devices. The scientists named the type of attack they developed WiKi-Eve; it is relevant for any standard network interface that enables signal monitoring.
In the initial phase of the attack, the hypothetical attacker wirelessly intercepts the MAC address of the victim's device. After that, the recording of BFI data from the victim's device begins: the scientists assumed that key presses on the virtual keyboard of a smartphone or tablet change the Wi-Fi signal parameters. The scientists tried to interpret the collected information as a password, on the assumption that it was sent over the wireless network early in the communication session.
Next, an artificial intelligence system trained on BFI data sent in plain text comes into play. The authors of the study found that the WiKi-Eve attack makes it possible to interpret individual keystrokes on the display with an accuracy of 88.9% and also to intercept application passwords with an accuracy of 65.8%.