A new cyber attack called WiKI-Eve has been observed to steal certain passwords over Wi-Fi with a 90% success rate in most modern systems. routers built since 2013.
The attack exploits a vulnerability in the beamforming feedback information (BFI) technology that has graced our routers since the introduction of 802.11ac, also known as Wi-Fi 5.
The researchfrom academics at two Chinese universities and a Singaporean university, shows how hackers can ‘eavesdrop’ and therefore intercept the clear text sent between device and router.
Connected to WiFi? There is a good chance that you are at risk
According to the researchers, WiKI-Eve achieves “88.9% accuracy for individual keystrokes and up to 65.8% top-10 accuracy for stealing passwords from mobile applications.”
A special one Security detective investigation shows that 13 of the 30 most commonly used passwords contain only numbers, indicating that “numeric patterns are a global favorite.”
The article goes on to call WiKI-Eve “the first WiFi-based, hack-free keystroke eavesdropping system,” adding that the device an attacker wants to use can be as discreet as a mobile device that has the monitor mode enabled by the Wi-Fi NIC supports. .
The researchers describe a hypothetical situation in which a victim harmlessly connects to a public network and argue that a password entered securely on a legitimate site is not as secure as one would hope, thanks to this vulnerability introduced with Wi-Fi 5 -routers.
In an effort to demonstrate how easy it is for an attacker to obtain information about a user, the team goes on to set up a real-world case study where they can gain access to a set up victim’s WeChat Pay information when them an iPhone, citing compromised credentials and even digital payment information.
Although theoretical and laboratory-developed examples yield alarming results, executions of such attacks are fortunately less common in practice. However, the research plays an important role in demonstrating the clear need for improved wireless security in the future.