If you listen carefully to a phone, usually with specialist gear, you can hear the way your fingers move across a phone’s touchscreen. This is because the WiFi signals transmitted by a mobile phone change when the touchscreen is activated, causing interruptions that an attacker can intercept, analyse, and reverse engineer to accurately guess what the user has typed on his phone or in password input fields.
Dubbed WindTalker, the attack sounds like the user is suffering from a bad case of beans. Fortunately, it is less smelly and can only be done when the attacker controls a rogue WiFi access point to collect WiFi signal disturbances.
This control is needed because the attacker must also know when to collect WiFi signals from the victim, to work out the exact moment when the target enters a PIN or password.
The attacker uses control of the WiFi access point to sniff the user’s traffic and detect when he’s accessing pages with authentication forms.
The attack uses radio signals called Channel State Information (CSI), which is part of the WiFi protocol and provides general information about the status of the WiFi signal.
When the user’s finger moves across the smartphone, his hand alters CSI properties for the phone’s outgoing WiFi signals, which the attacker can collect and log on the rogue access point.
According to Bleeping Computer, the attack has a 68 per cent accuracy.