Jump to content
  • This damaging cyberattack could steal your passwords over Wi-Fi

    aum

    • 557 views
    • 2 minutes
     Share


    • 557 views
    • 2 minutes

    It’s reasonably easy, too

     

    A new cyberattack that is being called WiKI-Eve has been observed stealing certain passwords over Wi-Fi with a 90% success rate in most modern routers built since 2013.

     

    The attack exploits a vulnerability in the beamforming feedback information (BFI) technology that has graced our routers since the introduction of 802.11ac, otherwise known as Wi-Fi 5.

     

    The research, which comes from academics belonging to two Chinese universities and one Singaporean university, demonstrates how hackers can ‘overhear,’ thus intercept, the clear-text being transmitted between device and router.

     

    Connected to Wi-Fi? Chances are, you may be at risk


    According to the researchers, WiKI-Eve “achieves 88.9% inference accuracy for individual keystrokes and up to 65.8% top-10 accuracy for stealing passwords of mobile applications.”

     

    A separate SafetyDetectives study shows 13 of the top 30 most commonly used passwords comprise just numbers, stating that “numeric patterns are worldwide favorites.”

     

    The paper goes on to call WiKI-Eve “the first WiFi-based hack-free keystroke eavesdropping system,” adding that the device an attacker chooses to use can be as discrete as a mobile device that supports monitor mode by the Wi-Fi NIC.

     

    Describing a hypothetical situation in which a victim harmlessly connects to a public network, the researchers state that a password securely entered into a legitimate site is not as secure as one would hope, thanks to this vulnerability introduced with Wi-Fi 5 routers.

     

    In a bid to demonstrate just how easy it is for an attacker to obtain information about a user, the team goes on to set up a real-world case study where they are able to access a set-up victim’s WeChat Pay information when using an iPhone, alluding to compromised credentials and even information about the digital payment.

     

    While the theoretical and lab-grown examples produce alarming results, real-world executions of such attacks are fortunately less common, however the study plays an important role in demonstrating the clear need for improved wireless security moving forward.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...