Wi-Fi traffic is encrypted, but researchers have found that plaintext protocol messages provide enough data for keystroke analysis, helping to extract information such as passwords.
In a preprint published on arXiv, academics from Singapore and China found that modern systems' beamforming feedback information (BFI) is transmitted in plaintext, making it easy to eavesdrop on.
BFI is a feedback mechanism introduced with the publication of 802.11ac in 2013: the channel state is sent to the access point (AP) in cleartext in the control frame, allowing the AP to direct its signal more accurately toward the user device.
Their attack, called WiKI-Eve (after the conventional name for an eavesdropper, Eve), can use any standard network interface, as long as it can be put into "monitor" mode.
Eve first obtains the victim's (Bob, as per convention) MAC address, which lets her obtain Bob's IP address and launch the WiKI-Eve attack.
“By continuously recording the BFI in Wi-Fi frames from Bob during the time window of Bob’s password typing, Eve can obtain a time series of BFI samples,” the paper says.
This can then be correlated with the password that Bob uses to access a service (for example, when contacting WeChat, the password will be transmitted early in any interaction).
The researchers then applied an adversarial learning framework trained on cleartext BFI samples to try to extract secrets from encrypted communications.
In their tests, the researchers claimed that "WiKI-Eve achieves 88.9 percent prediction accuracy for individual keystrokes and 65.8 percent top-10 accuracy for stealing passwords of mobile applications (such as WeChat)."
The research was conducted by Jingyang Hu and Hongbo Jiang of Hunan University, China, Hongbo Wang, Tianyu Zheng, Jingzhi Hu and Jun Luo of Nanyang Technological University, Singapore, and Zhe Chen of Fudan University, China.