
Hackers could decode passwords by analyzing the shadows of your fingers


If we want to continue enjoying a world that contains Wi-Fi, we may want to address some security issues present in our wireless LAN technology.

One such issue is described in a new paper published by the Association for Computing Machinery. The result of a collaboration between researchers at Shanghai Jiao Tong University, the University of Massachusetts at Boston, and the University of South Florida, it reveals how a malicious Wi-Fi hot spot could trace your fingers to reveal your online passwords.


The technique is called WindTalker, and it lets hackers effectively read the finger movements of a user as they pass over their phone display, using what is referred to as channel state information (CSI).

Exploiting the so-called “keystroke inference framework” technique, the researchers were able to successfully retrieve passwords being used on Chinese payment platform Alipay on various smartphones.

At a high level, WindTalker works by analyzing the shadows created on a mobile device and then piecing these together to work out specific keystrokes which are being made. When enough training examples have been completed, the researchers suggest that passwords can be reverse-engineered with as much as 81.7 percent accuracy.

While the hack itself does require specific hardware to carry out, this costs only on the order of hundreds of dollars and is relatively easy to obtain.

So what, if anything, can be done about the risk?

“One possible defense strategy is to randomize the layouts of the PIN keypad,” Haojin Zhu, a computer science professor who worked on the paper, told Digital Trends. “Second, one of the common assumptions for different kinds of side-channel based keystroke inference attacks is that the users need to type the passwords in fixed gestures — so another defense strategy is changing the typing gestures from time to time to keep themselves safe. Third, the user can prevent the collection of CSI. For example, it is recommended to use network firewalls to block the abnormal Wi-Fi packets.”
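The first defense above, sketched as an added example (not code from the paper or from any payment app): a PIN keypad reshuffled per session with a cryptographic random source, plus a small simulation of why a position-to-digit mapping learned on one layout stops working. All function names are hypothetical, and the observer is modelled, as a simplifying assumption, as learning only which key positions were touched.

```python
import secrets

DIGITS = "0123456789"

def new_layout():
    """Per-session keypad: list index = key position, value = digit shown there."""
    keys = list(DIGITS)
    # Fisher-Yates shuffle driven by the OS CSPRNG; randbelow() is unbiased,
    # so every one of the 10! layouts is equally likely.
    for i in range(len(keys) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        keys[i], keys[j] = keys[j], keys[i]
    return keys

def positions_for(pin, layout):
    """Key positions the finger visits when typing `pin` on `layout`."""
    return [layout.index(d) for d in pin]

def digits_at(positions, layout):
    """Digits that a sequence of touched positions means under `layout`."""
    return "".join(layout[p] for p in positions)

def recovery_rate(pin, trained_layout, randomize=True, sessions=1000):
    """Fraction of sessions in which touched positions, interpreted with a
    layout learned earlier (`trained_layout`), still spell the real PIN."""
    hits = 0
    for _ in range(sessions):
        layout = new_layout() if randomize else trained_layout
        touched = positions_for(pin, layout)       # what the motion reveals
        # The app itself always decodes correctly: it knows this session's layout.
        assert digits_at(touched, layout) == pin
        if digits_at(touched, trained_layout) == pin:
            hits += 1
    return hits / sessions

if __name__ == "__main__":
    fixed = list(DIGITS)      # constructed sample: a conventional fixed layout
    pin = "135790"            # constructed sample PIN
    print("fixed keypad     :", recovery_rate(pin, fixed, randomize=False))
    print("randomized keypad:", recovery_rate(pin, fixed, randomize=True))
```

The shuffle has to come from a cryptographic source and be redrawn for every entry; a layout that is shuffled once and then reused is just another fixed layout.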

A bit like the commonsense holiday safety advice about not waving your expensive camera around, the best suggestion may be the most obvious, though. “One simple recommendation for the public is not to connect to insecure public Wi-Fi,” Professor Zhu continued.

Zhu also said that the team is currently working to develop “a comprehensive defending framework to defend the various side channel attacks via Wi-Fi signals.”

On balance, we liked WindTalker a whole lot more when it was a 2002 Nicolas Cage movie about U.S. Marines in World War II…

Luke Dormehl
I'm a UK-based tech writer covering Cool Tech at Digital Trends. I've also written for Fast Company, Wired, the Guardian…