Skip to main content
  1. Home
  2. Emerging Tech
  3. News

Hackers could decode passwords by analyzing the shadows of your fingers

By

If we want to continue enjoying a world that contains Wi-Fi, we may want to address some security issues present in our wireless LAN technology.

One such issue is described in a new paper published by the Association of Computing Machinery. The result of a collaboration between researchers at Shanghai Jaio Tong University, the University of Massachusetts at Boston, and the University of South Florida, it reveals how a malicious Wi-Fi hot spot could trace your fingers to reveal your online passwords.

Recommended Videos

The technique is called WindTalker, and it lets hackers effectively read the finger movements of a user as they pass over their phone display, using what is referred to as channel state information (CSI).

Related

Exploiting the so-called “keystroke inference framework” technique, the researchers were able to successfully retrieve passwords being used on Chinese payment platform Aliplay on various smartphones.

At a high level, WindTalker works by analyzing the shadows created on a mobile device and then piecing these together to work out specific keystrokes which are being made. When enough training examples have been completed, the researchers suggest that passwords can be reverse-engineered with as much as 81.7 percent accuracy.

While the hack itself does require specific hardware to carry out, this only costs in the order of hundreds of dollars and is relatively easy to obtain.

So what, if anything, can be done about the risk?

“One possible defense strategies is to randomize the layouts of the PIN keypad,” Haojin Zhu, a computer science professor who worked on the paper, told Digital Trends. “Second, one of the common assumptions for different kinds of side-channel based keystroke inference attacks is that the users need to type the passwords in fixed gestures — so another defense strategy is changing the typing gestures from time to time to keep themselves safe. Third, the user can prevent the collection of CSI. For example, it is recommended to use network firewalls to block the abnormal Wi-Fi packets.”

A bit like the commonsense holiday safety advice about not waving your expensive camera around, the best suggestion may be the most obvious, though. “One simple recommendation for the public is not to connect to insecure public Wi-Fi,” Professor Zhu continued.

Zhu also said that the team is currently working to develop, “a comprehensive defending framework to defend the various side channel attacks via Wi-Fi signals.”

On balance, we liked WindTalker a whole lot more when it was a 2002 Nicolas Cage movie about U.S. Marines in World War II…

Luke Dormehl
Luke Dormehl
Former Digital Trends Contributor
I'm a UK-based tech writer covering Cool Tech at Digital Trends. I've also written for Fast Company, Wired, the Guardian…
Topics

Editors’ Recommendations

Does your Mac need antivirus software in 2024? We asked the experts
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

It’s an age-old question among Apple fans: Does your Mac need antivirus software? Traditionally, the popular answer has been no -- Macs have strong built-in protections, the argument goes, and antivirus apps can potentially slow down your computer. In the end, the trade-off didn’t seem to be worth it.

But is that still true today? After all, Macs are increasingly becoming a target of cybercriminals, with some Mac malware strains supposedly even being created by nation states. In that kind of situation, has the game changed?

Read more
How to change your router’s Wi-Fi password
Netgear's Nighthawk RAXE500 tri-band router.

When it comes to getting devices online, Wi-Fi is the gold standard. Millions of people use their laptops, TVs, gaming consoles, and smartphones with the wireless technology – and routers are the magical devices that make this possible. Setting a password on your Wi-Fi router is crucial to keeping it safe and secure, as an unprotected router can easily be targeted by hackers or bogged down by neighbors who take advantage of the free access.

Because of this, it's important to change the default password for your router. A good Wi-Fi password consists of a long alphanumeric string that can't be easily guessed. Changing your router's Wi-Fi password is a pretty easy process, though it might be a bit confusing if you're new to the concept.

Read more
Hackers targeted 1Password after Okta breach, but your logins are safe
A dark mystery hand typing on a laptop computer at night.

Security credentials like usernames and passwords are a tempting target for hackers, and even the best password managers can come under threat from time to time. That was the case recently with the popular password manager 1Password, which recently disclosed (via Bleeping Computer) that its Okta support system was breached by malicious hackers.

Fortunately, it doesn’t appear that any customer data was stolen, so if you use 1Password, your login info should be safe for now. However, it’s always good to regularly update your passwords (or use passkeys) just in case they fall into the wrong hands.

Read more