New WiKI-Eve attack can steal numerical passwords over WiFi

11-Sep-23

A recent exploit known as “WiKI-Eve” can intercept cleartext communications sent by smartphones linked to contemporary WiFi routers and accurately predict individual numeric keystrokes up to 90% of the time, enabling for the theft of numerical passwords. The issue with BFI is that the data exchanged is in cleartext form, making it easy to intercept and utilize without requiring hardware hacking or the ability to decipher an encryption key.



WiKI-Eve makes use of BFI (beamforming feedback information), a WiFi 5 (802.11ac) technology that was launched in 2013 and enables devices to communicate feedback about their location to routers so that the latter may more precisely direct their signal. A group of university researchers from China and Singapore evaluated the retrieval of possible data to find this security weakness.

Read More…