Wi-fi Can Reveal Your PIN Number …


There are some things in science that you think are so unbelievable that they are just not possible. So, did you know that you can detect someone’s breathing and heart rate, even if you are in the next room? Well, you can, as breathing and skin movements affect the propagation of wi-fi signals, and the changes in the wi-fi signal can be detected for even the smallest of movements:

As you may know, we also do a great deal of work on side-channel attacks, such as where the electrical supply of a device can reveal an encryption key [paper]:

In 2016, researchers from Shanghai Jiao Tong University, the University of Massachusetts at Boston, and the University of South Florida showed that a radio signal can reveal your password [here]:

With this they are able to get the PIN number right 81.7% of the time from the reflections of wi-fi signals. It uses a beam-forming wireless antenna (with Multiple-Input, Multiple-Output, or MIMO), where a radio wave is created to detect movements of a user’s hand. With MIMO, we can receive a signal from several different sources, and thus see variations in the wi-fi signal as the user moves their hand and fingers.

For them, CSI is “channel state information”, and relates to hand and finger movements, and to how these can be detected from the propagation of radio waves. Within the paper they analyse the difference between a coverage movement and a click movement. There are then two important touch movements:

  • Oblique touch [Figure 1(b)]. This is a common typing movement when pressing different keys.
  • Vertical touch [Figure 1(c)]. This is where the same key is pressed continuously.

Figure 1: Touch movements

To train the system, a number of key presses on a given key are required. This produces defined signal patterns which can be analysed for a match:

Figure 2: CSI Amplitude

The researchers were then able to observe the user entering PIN numbers on a number of mobile phones:

and where they were able to determine the numbers pressed (773919):

Overall they think that the attack on PIN numbers and passwords can be launched from a wi-fi hotspot. So, in conclusion, the researchers say that those creating payment apps should randomise their keypad layout, in order to confuse the system.
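The keypad randomisation recommended above, as an added Python sketch (not code from the paper or from any payment app). It models the keypad as ten numbered positions and an observer who recovers finger positions but assumes the standard layout; that model and all function names are assumptions for illustration, and the PIN is the one quoted above.

```python
import secrets

DIGITS = "0123456789"
# OS-backed CSPRNG: the layout must not be predictable from earlier layouts.
_rng = secrets.SystemRandom()


def new_layout():
    """Fresh keypad for one PIN entry: layout[position] -> digit drawn there."""
    keys = list(DIGITS)
    _rng.shuffle(keys)
    return keys


def positions_touched(pin, layout):
    """Positions the finger visits. A motion side channel sees these, not digits."""
    return [layout.index(d) for d in pin]


def decode_with_fixed_layout(positions, assumed=DIGITS):
    """What an observer concludes when assuming the standard, fixed layout."""
    return "".join(assumed[p] for p in positions)


def pin_from_touches(positions, layout):
    """The app maps touches back to digits using the layout it actually drew."""
    return "".join(layout[p] for p in positions)


def observer_digit_hit_rate(pin, trials=2000):
    """Fraction of digits the observer gets right with a reshuffle per entry."""
    hits = 0
    for _ in range(trials):
        layout = new_layout()
        guess = decode_with_fixed_layout(positions_touched(pin, layout))
        hits += sum(g == d for g, d in zip(guess, pin))
    return hits / (trials * len(pin))


if __name__ == "__main__":
    pin = "773919"  # PIN quoted in the article
    fixed = list(DIGITS)
    print("fixed layout, observer reads:",
          decode_with_fixed_layout(positions_touched(pin, fixed)))
    print("shuffled layout, per-digit hit rate:",
          round(observer_digit_hit_rate(pin), 3))
```

With a fixed layout the observed positions map straight back to the PIN; with a fresh shuffle per entry each digit is right only about one time in ten, which is the same as guessing.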