Password-Stealing without Hacking: Wi-Fi Enabled Practical Keystroke Eavesdropping

TL;DR

WiKI-Eve is a novel Wi-Fi-based keystroke eavesdropping method that exploits beamforming feedback information to accurately infer keystrokes and passwords without hacking Wi-Fi hardware.

Contribution

The paper introduces WiKI-Eve, a new Wi-Fi attack leveraging BFI to eavesdrop keystrokes without hacking, and employs adversarial learning for better generalization.

Findings

Achieves 88.9% accuracy in keystroke inference.

Attains 65.8% top-10 accuracy in password theft.

Operates without hacking Wi-Fi hardware.

Abstract

The contact-free sensing nature of Wi-Fi has been leveraged to achieve privacy breaches, yet existing attacks relying on Wi-Fi CSI (channel state information) demand hacking Wi-Fi hardware to obtain desired CSIs. Since such hacking has proven prohibitively hard due to compact hardware, its feasibility in keeping up with fast-developing Wi-Fi technology becomes very questionable. To this end, we propose WiKI-Eve to eavesdrop keystrokes on smartphones without the need for hacking. WiKI-Eve exploits a new feature, BFI (beamforming feedback information), offered by latest Wi-Fi hardware: since BFI is transmitted from a smartphone to an AP in clear-text, it can be overheard (hence eavesdropped) by any other Wi-Fi devices switching to monitor mode. As existing keystroke inference methods offer very limited generalizability, WiKI-Eve further innovates in an adversarial learning scheme to enable its inference generalizable towards unseen scenarios. We implement WiKI-Eve and conduct extensive evaluation on it; the results demonstrate that WiKI-Eve achieves 88.9% inference accuracy for individual keystrokes and up to 65.8% top-10 accuracy for stealing passwords of mobile applications (e.g., WeChat).