Your PIN is blowing in the Wind

New paper from some infosec folks who have developed a method for capturing PINs as they are entered on a phone, using the fluctuations in Wi-Fi signal strength that are caused by (wait for it!) finger and hand movements and the air circulation they produce. (via Tanja)

WindTalker is motivated from the observation that keystrokes on mobile devices will lead to different hand coverage and finger motions, which will introduce a unique interference to the multi-path signals and can be reflected by the channel state information (CSI).

By setting up a rogue access point, determining the point in time when a user is entering a PIN (for the Alipay payment system in the demonstrated attack – the largest mobile payments company in the world), and observing the fluctuations in wifi signal, it’s possible to recover the PIN.