Silent Thief: Password Eavesdropping Leveraging Wi-Fi Beamforming Feedback from POS Terminal

Published in: IEEE INFOCOM 2024 - IEEE Conference on Computer Communications, pp. 321-330
Main Authors: Chen, Siyu; Jiang, Hongbo; Hu, Jingyang; Xiao, Zhu; Liu, Daibo
Format: Conference Proceeding
Language: English
Published: IEEE, 20.05.2024
Summary: Nowadays, point-of-sale (POS) terminals are no longer limited to wired connections, and many of them rely on Wi-Fi for data transmission. While Wi-Fi provides the convenience of wireless connectivity, it also introduces significant security risks. Previous research has explored Wi-Fi-based eavesdropping methods. However, these methods often rely on limited environmental robustness of Channel State Information (CSI) and require invasive Wi-Fi hardware, making them impractical in real-world scenarios. In this work, we present SThief, a practical Wi-Fi-based eavesdropping attack that leverages beamforming feedback information (BFI) exchanged between the POS terminal and access points (APs) for keystroke inference on POS keypads. By capitalizing on the clear-text transmission characteristics of BFI, this attack demonstrates a more flexible and practical nature, surpassing traditional CSI-based methods. BFI is transmitted in the uplink, carrying downlink channel information that allows the AP to adjust beamforming angles. We exploit this channel information for keystroke inference. To enhance the BFI series, we use maximal ratio combining (MRC), ensuring efficiency across various scenarios. Additionally, we employ the Connectionist Temporal Classification method for keystroke inference, providing exceptional generalization and scalability. Extensive testing validates SThief's effectiveness, achieving an impressive 81% accuracy rate in inferring 6-digit POS passwords within the top-100 attempts.
ISSN: 2641-9874
DOI: 10.1109/INFOCOM52122.2024.10621321