This damaging cyberattack could steal your passwords over Wi-Fi
It’s reasonably easy, too
A new cyberattack that is being called WiKI-Eve has been observed stealing certain passwords over Wi-Fi with a 90% success rate in most modern routers built since 2013.
The attack exploits a vulnerability in the beamforming feedback information (BFI) technology that has graced our routers since the introduction of 802.11ac, otherwise known as Wi-Fi 5.
The research, which comes from academics belonging to two Chinese universities and one Singaporean university, demonstrates how hackers can ‘overhear,’ thus intercept, the clear-text being transmitted between device and router.
Connected to Wi-Fi? Chances are, you may be at risk
According to the researchers, WiKI-Eve “achieves 88.9% inference accuracy for individual keystrokes and up to 65.8% top-10 accuracy for stealing passwords of mobile applications.”
A separate SafetyDetectives study shows 13 of the top 30 most commonly used passwords comprise just numbers, stating that “numeric patterns are worldwide favorites.”
The paper goes on to call WiKI-Eve “the first WiFi-based hack-free keystroke eavesdropping system,” adding that the device an attacker chooses to use can be as discrete as a mobile device that supports monitor mode by the Wi-Fi NIC.
Describing a hypothetical situation in which a victim harmlessly connects to a public network, the researchers state that a password securely entered into a legitimate site is not as secure as one would hope, thanks to this vulnerability introduced with Wi-Fi 5 routers.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
In a bid to demonstrate just how easy it is for an attacker to obtain information about a user, the team goes on to set up a real-world case study where they are able to access a set-up victim’s WeChat Pay information when using an iPhone, alluding to compromised credentials and even information about the digital payment.
While the theoretical and lab-grown examples produce alarming results, real-world executions of such attacks are fortunately less common, however the study plays an important role in demonstrating the clear need for improved wireless security moving forward.
More from TechRadar Pro
- Ready to upgrade your router after reading this? Check out our roundup of the best secure routers
- Top ASUS routers have serious security flaws that could let hackers hijack your device
- Get your favorite password manager to fill your details in automatically
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!