|Yet another way to compromise computer information: sniff the WiFi connection for keyboard signals!
||[Aug. 30th, 2016|10:09 am]
This is interesting, and I hadn't considered it. I would have thought that, while I am typing this email, that nothing gets sent across my WiFi connection until I hit Send. But obviously email programs, if they're web-based, save draft copies. In the case of email, I think it would be negated by using a PC-based email client, but I'm not certain about that as email server internals are terra incognita for me.
Obviously a Cat 5 cable from your computer to your internet router should defeat this, but how many people do that on a regular basis. We use laptops because of their convenience, my laptop isn't wired because the router is in the living room and my desktop is in the far corner of the kitchen. I could get a router to allow me to hard-cable, then a second router to connect to my main router, and set up a wireless bridge between them, but that seems like a lot of work (and expensive) to try to thwart an attack that is unlikely to be used against me.
There has been tech to sniff the signal from wireless keyboard and mice forever, very few such devices encrypt the signal. I've heard Apple does, but I haven't seen independent information on that. And there's tech to allow sniffing your screen display, though it has limited range. Add them all together and you can get a heck of a read as to what some people do online.
From Bruce Schneier's blog:
Keystroke Recognition from Wi-Fi Distortion
This is interesting research: "Keystroke Recognition Using WiFi Signals." Basically, the user's hand positions as they type distorts the Wi-Fi signal in predictable ways.
Abstract: Keystroke privacy is critical for ensuring the security of computer systems and the privacy of human users as what being typed could be passwords or privacy sensitive information. In this paper, we show for the first time that WiFi signals can also be exploited to recognize keystrokes. The intuition is that while typing a certain key, the hands and fingers of a user move in a unique formation and direction and thus generate a unique pattern in the time-series of Channel State Information (CSI) values, which we call CSI-waveform for that key. In this paper, we propose a WiFi signal based keystroke recognition system called WiKey. WiKey consists of two Commercial Off-The-Shelf (COTS) WiFi devices, a sender (such as a router) and a receiver (such as a laptop). The sender continuously emits signals and the receiver continuously receives signals. When a human subject types on a keyboard, WiKey recognizes the typed keys based on how the CSI values at the WiFi signal receiver end. We implemented the WiKey system using a TP-Link TL-WR1043ND WiFi router and a Lenovo X200 laptop. WiKey achieves more than 97.5% detection rate for detecting the keystroke and 96.4% recognition accuracy for classifying single keys. In real-world experiments, WiKey can recognize keystrokes in a continuously typed sentence with an accuracy of 93.5%.