Password-Stealing without Hacking: Wi-Fi Enabled Practical Keystroke Eavesdropping

发布者:苏绍杰发布时间:2023-10-16浏览次数:138

Authors:

Jingyang Hu, Hongbo Wang, Tianyue Zheng, Jingzhi Hu, Zhe Chen, Hongbo Jiang, and Jun Luo

Published in:

in Proc. of the 30th ACM CCS, 2023

Abstract:

The contact-free sensing nature of Wi-Fi has been leveraged to achieve privacy breaches, yet existing attacks relying on Wi-Fi CSI (channel state information) demand hacking Wi-Fi hardware to obtain desired CSIs. Since such hacking has proven prohibitively hard due to compact hardware, its feasibility in keeping up with fast-developing Wi-Fi technology becomes very questionable. To this end, we propose WiKI-Eve to eavesdrop keystrokes on smartphones without the need for hacking. WiKI-Eve exploits a new feature, BFI (beamforming feedback information), offered by latest Wi-Fi hardware: since BFI is transmitted from a smartphone to an AP in clear-text, it can be overheard (hence eavesdropped) by any other Wi-Fi devices switching to monitor mode. As existing keystroke inference methods offer very limited generalizability, WiKI-Eve further innovates in an adversarial learning scheme to enable its inference generalizable towards unseen scenarios. We implement WiKI-Eve and conduct extensive evaluation on it; the results demonstrate that WiKI-Eve achieves 88.9% inference accuracy for individual keystrokes and up to 65.8% top-10 accuracy for stealing passwords of mobile applications (e.g., WeChat).

site:https://www.researchgate.net/profile/Jun-Luo-10/publication/373686904_Password-Stealing_without_Hacking_Wi-Fi_Enabled_Practical_Keystroke_Eavesdropping/links/64f7f48187d7f830e8047046/Password-Stealing-without-Hacking-Wi-Fi-Enabled-Practical-Keystroke-Eavesdropping.pdf