Users warned of a new cyberattack on Wi-Fi networks aimed at stealing data from smartphones

Analysts from China and Singapore have published information about a new cyber vulnerability that targets unencrypted data transmission from smartphones through modern Wi-Fi routers. The attack, dubbed WiKI-Eve, uses the Beamforming Feedback Information (BFI) feature. The vulnerability indicates high risks of sharing unencrypted data, Mediasat reports.

The purpose of the WiKI-Eve attacks was to intercept Wi-Fi signals in real time when a user enters a password to log in to the network. The researchers found that keystrokes affect Wi-Fi antennas and generate characteristic signals that can be tracked and used to identify individual keystrokes.

Scientists have proven that the attack can identify keystrokes with an extremely high accuracy of 90%. The tests revealed that the decryption accuracy of six-digit numeric passwords is 85%, and the decryption accuracy of more complex application passwords is 66%.

The researchers assume that encrypting data traffic will prevent attackers from obtaining BFI in plaintext, which would negate the basic principles of WiKI-Eve. However, they note that this strategy is commonly used in institutional Wi-Fi networks. Nevertheless, it may increase the complexity of the system in situations involving high user dynamics, as frequent key exchanges will be required.