WiKI-Eve Attack Can Steal Passwords Over WiFi
A new cyber attack dubbed “WiKI-Eve” has emerged that allows attackers to steal a victim’s numeric passwords. This alarming discovery was brought to light in a paper by a team of researchers from China and Singapore.
The attack capitalizes on the Beamforming Feedback Information (BFI) feature, which was first introduced with WiFi 5 in 2013. BFI allows devices to send information about their position to routers, so the latter can direct the signal efficiently. However, this data is not encrypted and can easily be intercepted.
First, the attacker needs to identify their chosen victim on the network. As pointed out by BleepingComputer, the researchers explained that “Eve can acquire this information beforehand by conducting visual and traffic monitoring concurrently: correlating network traffic originating from various MAC addresses with users’ behaviors should allow Eve to link Bob’s physical device to his digital traffic, thereby identifying Bob’s MAC address”.
With this information, the attacker can deduce numeric passwords entered by the victim. Each time the user presses a key, it impacts the device’s WiFi antennas, which in turn impacts the WiFi signal. These events can be read in the unencrypted BFI data and used to infer which keys were pressed.
The accuracy of this attack is alarmingly high. The researchers demonstrated that the attack could identify numeric keystrokes with a staggering 90% accuracy. Furthermore, the tests revealed an 85% accuracy rate in deciphering six-digit numerical passwords and a 66% accuracy rate for more intricate app passwords. This study involved 20 participants, various phone models, and multiple typing styles.
However, the WiKI-Eve attack is not without its limitations. It requires the identification of the target on the network and has a limited window for execution. Another constraint is distance: as Bitdefender pointed out, increasing the gap between the attacker and the target from 1 to 10 meters reduces accuracy by 23%.
To counteract such threats, the researchers suggest encrypting data traffic (such as with a quality VPN), which would prevent attackers from obtaining BFI in cleartext.