Body Movements Can Reveal Your Passwords

At a recent conference on computer and communication security in Vienna, Austria, a team of researchers from the United States and China demonstrated how analyzing the signal information from a WiFi hotspot can reveal private information. The paper, published by the Association for Computing Machinery, describes a system that can detect passwords (commonly used by banks, payment apps, etc.) with nearly 82 percent accuracy.

The method – which has been dubbed WindTalker – requires a multiple-input, multiple-output (MIMO) antenna configuration in which small phase differences are monitored to reinforce signals in some directions while cancelling them out in other directions. By exploiting this feature, the researchers were able to observe and analyze very small changes in the multi-path signals as reflected by the channel state information (CSI) to identify unique interference patterns related to hand and finger motions. The most threatening aspect of the system is that it uses publicly available WiFi to collect data and doesn’t compromise the target device in any way, making it easy to deploy and difficult to detect.

Research such as this will be vital in improving mobile cybersecurity for the future. For example, banking and payment apps could be programmed with randomized keypad layouts so that, although hackers could still track the users’ finger positions, they would not be able to tell what keys were actually pressed.
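The randomized-keypad mitigation described above, as an added sketch that is not code from the researchers' paper: it draws a fresh layout per entry and measures how often an observer who recovers finger positions would name the right digit. The function names, the sample PIN and the assumption that positions are recovered perfectly are all constructed for illustration.

```python
import secrets

STANDARD_LAYOUT = "1234567890"  # position index -> digit on a fixed keypad
_rng = secrets.SystemRandom()   # OS-backed CSPRNG, so layouts are not predictable


def new_layout():
    """Return a fresh position -> digit mapping; call once per PIN entry."""
    digits = list(STANDARD_LAYOUT)
    _rng.shuffle(digits)
    return "".join(digits)


def positions_for_pin(pin, layout):
    """Key positions the finger visits when typing `pin` on `layout`."""
    return [layout.index(d) for d in pin]


def pin_from_positions(positions, layout):
    """App side: map touched positions back through the layout it displayed."""
    return "".join(layout[p] for p in positions)


def observer_guess(positions):
    """Observer side (assumed): positions decoded against the standard layout."""
    return "".join(STANDARD_LAYOUT[p] for p in positions)


def observer_digit_accuracy(pin, randomized, trials=2000):
    """Fraction of PIN digits the observer names correctly over many entries."""
    hits = 0
    for _ in range(trials):
        layout = new_layout() if randomized else STANDARD_LAYOUT
        guess = observer_guess(positions_for_pin(pin, layout))
        hits += sum(g == d for g, d in zip(guess, pin))
    return hits / (trials * len(pin))


if __name__ == "__main__":
    pin = "4071"  # constructed sample PIN
    layout = new_layout()
    touched = positions_for_pin(pin, layout)
    print("layout shown to user :", layout)
    print("positions touched    :", touched)
    print("app recovers         :", pin_from_positions(touched, layout))
    print("observer would guess :", observer_guess(touched))
    print("fixed keypad accuracy      :", observer_digit_accuracy(pin, False))
    print("randomized keypad accuracy :", observer_digit_accuracy(pin, True))
```

The layout has to be regenerated for every entry; a layout shuffled once and then reused is just a different fixed keypad.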

For information: Yao Liu, University of South Florida, Computer Science and Engineering, 4202 East Fowler Avenue, ENB 336, Tampa, FL 33620; phone: 813-974-3780; email: yliu@cse.usf.edu; Web site: http://www.usf.edu/engineering/cse/about/index.aspx