The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

Inferring passwords using WiFi signals – Hacking passwords over WiFi

Download PC Repair Tool to quickly find & fix Windows errors automatically

It seems that almost everything is breakable when it comes to security on the Internet. We’ve seen even the best security systems having one or more flaws that can be exploited for the hackers’ benefit. No, some professors across three universities have now demonstrated that using banking passwords over WiFi is not safe anymore. They came up with a paper to show how hackers can steal your passwords over WiFi. That’s what we’ll talk about in this article.

WiFi Vulnerabilities

How hackers can steal passwords over WiFi

The issue was raised in the past too, but the methods described were not as accurate and predictable as the WindTalker method to steal passwords over WiFi. Among the many methods talked earlier, the best bet was to place some device between the victim and WiFi that could read traffic patterns. This was the closest one could get, until now. They scanned (sniffed) packets and tried to hack into the computers of victims to figure out the passwords.

The WindTalker method was devised and explained by professors at the University of Florida, Shanghai Jaio Tong University, and the University of Massachusetts. The paper delves into details on how to steal passwords using a common WiFi. This does mean that for the method to work, both the victim and hacker should be on the same WiFi. That allows those hackers to read the victim’s keystrokes.

This method does not require any extra device between victim and hacker devices. They do not even need any software installed on the device of the victim. Simply by analyzing the traffic in parallel, the hackers using the WindTalker method can check out the movements of the victim’s finger movements. The paper says that even on a new device, the chances of success of getting the right password in the single attempt are 84 percent.

Read: Wi-Fi Tips for International Travelers.

What is WindTalker & how does it work

WindTalker is the name given to the method that allows parallel scanning of WiFi signals arising out of the victim’s device to retrieve the data being typed on the device.

The first part of the method is to identify the signals coming from the victim’s device. Note that the hackers do not need any software to be installed on the victims’ phones or other devices that they intend to hack.

The second requirement is to be able to use the WiFi network. This could be easy at public places where they have free WiFi. If not, the hackers can create an ad hoc rogue WiFi network and offer it as free WiFi. Once the victim falls for it and connects to it, the work of stealing information is half done.

The final thing to do is to check the movements of the fingers of the victims. The directions and pace with which the victim is moving his or her fingers and when she or he is pressing key(s) are noted down. This gives away the data being typed by the victim

Restrictions of WindTalker

The first thing that can spoil hackers’ attempts if the victim disconnects from the WiFi before the input and input pattern is decoded. But the method is fast, so chances are the hackers will succeed in their endeavors.

The requirement of having to connect to the WiFi network makes it a bit hard. In cases where free and public WiFi is not present, the victims will have to create a public network which is not very hard to do. Anyone can create a public WiFi using their Windows or Android phones, tablets. Both operating systems have the option to create mobile hotspots and are easy to set up.  Once the WiFi is set up, it is not difficult to have people connecting to the FREE OPEN network.

Device models also play a part in processing data: i.e. monitoring the finger movements of the victims. Since the shape and size vary across different phone and tablet devices, it takes a bit to understand the keystrokes being sent on the WiFi. For example, the keyboard of an 8-inch device will vary from an 11-inch device and so it may take some time to understand the movements.

Other than the above, there were no restrictions and requirements of WindTalker that I could notice in this paper.

“WindTalker is motivated from the observation that keystrokes on mobile devices will lead to different hand coverage and the finger motions, which will introduce a unique interference to the multi-path signals of WiFi” the researchers say.

Simply put, WindTalker monitors finger movements and provides hackers with whatever is being typed on the victim device.

WindTalker – Details

Here is a video that will help you understand the concept of WindTalker in detail:

You may also want to download the entire paper for a fee if you wish. There may be other methods on how hackers can steal your passwords over WiFi. I will mention other methods as and when I come across them.

82 Shares

[email protected]

Arun Kumar has been a Microsoft MVP (2010-12). He is obsessed with technology, especially the Internet. He deals with the multimedia content needs of training and corporate houses.

Share via
Facebook
Twitter
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap