Silent Thief: Password Eavesdropping Leveraging Wi-Fi Beamforming Feedback from POS Terminal
Nowadays, point-of-sale (POS) terminals are no longer limited to wired connections, and many of them rely on Wi-Fi for data transmission. While Wi-Fi provides the convenience of wireless connectivity, it also introduces significant security risks. Previous research has explored Wi-Fi-based eavesdrop...
Saved in:
Published in | IEEE INFOCOM 2024 - IEEE Conference on Computer Communications pp. 321 - 330 |
---|---|
Main Authors | , , , , |
Format | Conference Proceeding |
Language | English |
Published |
IEEE
20.05.2024
|
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | Nowadays, point-of-sale (POS) terminals are no longer limited to wired connections, and many of them rely on Wi-Fi for data transmission. While Wi-Fi provides the convenience of wireless connectivity, it also introduces significant security risks. Previous research has explored Wi-Fi-based eavesdropping methods. However, these methods often rely on limited environmental robustness of Channel State Information (CSI) and require invasive Wi-Fi hardware, making them impractical in real-world scenarios. In this work, we present SThief, a practical Wi-Fi-based eavesdropping attack that leverages beamforming feedback information (BFI) exchanged between POS terminal and access points (APs) to keystroke inference on POS keypads. By capitalizing on the clear-text transmission characteristics of BFI, this attack demonstrates a more flexible and practical nature, surpassing traditional CSI-based methods. BFI is transmitted in the uplink, carrying downlink channel information that allows the AP to adjust beamforming angles. We exploit this channel information to keystroke inference. To enhance the BFI series, we use maximal ratio combining (MRC), ensuring efficiency across various scenarios. Additionally, we employ the Connectionist Temporal Classification method for keystroke inference, providing exceptional generalization and scalability. Extensive testing validates SThief's effectiveness, achieving an impressive 81% accuracy rate in inferring 6-digit POS passwords within the top-100 attempts. |
---|---|
ISSN: | 2641-9874 |
DOI: | 10.1109/INFOCOM52122.2024.10621321 |