
Keystroke Recognition Using WiFi Signals (2015) [pdf] - epaga
https://www.sigmobile.org/mobicom/2015/papers/p90-aliA.pdf
======
bimmer44
Some business ideas from the 2.4GHz dystopia:

* Using wifi in a movie theatre to build a Google Analytics equivalent for movie studios. Total heartbeat and respiration data for every individual "user session" across all screenings. Devices like Roku could do this too and sell the data to Netflix.

* Amazon Echo could notice your heartrate is becoming elevated due to the start of flu - Amazon stages your go-to remedies in the nearest DC and pushes appropriate ads on the site.

* In store movement tracking. Why bother with phone beacons and hassle-some devices randomising their MAC addresses when you could just power up a wifi blanket and track bodies with precision.

I guess the lab setting of the above research wouldn't apply to these
situations - but I imagine with more research and some specialised equipment a
movie theatre could be made conducive to this kind of tracking? Would there be
legal implications? Wifi is everywhere already...

~~~
Pharaoh2
Almost like a video camera running face recognition... which almost sound like
a lot easier to do.

~~~
bimmer44
I agree it's definitely easier to do - and obviously already happening in this
context. Also billboards that use Kinect CV to record emotional response. [1]

I was just intrigued by the perceptions around this - people often have an
instinctive strongly negative response to the idea of pervasive face
recognition but I'm not sure they would feel as unnerved by the presence of a
wifi network with this sort of "surveillance" traffic running through it.
Maybe they would.

[1] [http://theconversation.com/now-advertising-billboards-can-
re...](http://theconversation.com/now-advertising-billboards-can-read-your-
emotions-and-thats-just-the-start-45519)

------
rtpg
How worried should I be about this? The paper doesn't mention any mitigation
strategies and kinda makes it sound like anybody with a wifi router ("Free
Wifi") could get me.

~~~
annnnd
The tests were conducted in controlled environment - real world is another
thing entirely. And if you are worried about this, then you should probably
shield your computer because normal PCs emit lots of data in form of
electromagnetic waves. But unless you are concerned about state-sponsored
three-letter agencies spying on you (individually), I don't think there is
much reason for concern.

Obligatory XKCD: [http://xkcd.com/538/](http://xkcd.com/538/)

~~~
tigroferoce
I agree on this point. A controlled environment is different from real world.
It's not the first paper on this types of attacks: I remember one where the
microphone of an iPhone was used to register the sound of keypressed on a
keyboard [1] and another one where the vibrations on objects were used to
infer the oral communication inside a closed room [2].

The main consideration is that it largely depends on who is your attacker. If
you think about regular people, you should be fine; state-sponsored attackers
know way too many techniques for you to be safe, unless you get very paranoid.
Also keep in mind that these attacks (AFAIK) do not scale and are not
automated, so a state attacker should be explicitly targeting you.

Finally, you should consider that modern computers and mobile phones have so
many security issues that using these advanced physical-world attacks is not
necessary.

[1]
[https://en.wikipedia.org/wiki/Acoustic_cryptanalysis](https://en.wikipedia.org/wiki/Acoustic_cryptanalysis)
[2] [http://news.mit.edu/2014/algorithm-recovers-speech-from-
vibr...](http://news.mit.edu/2014/algorithm-recovers-speech-from-
vibrations-0804)

------
glastra
To deploy this in a real world scenario seems implausible to me. You would
need specific models for every person, laptop and router combination, as the
physiology of the hands, the gestures when typing, and the location and power
of the laptop's and router's antennas can all be different.

The only relevant attack could be to train on a specific target
(person+laptop+location) for a given amount of time to achieve high accuracy,
but to do this you already have to know what the person is typing...

~~~
hughperkins
i imagine people tap things like "the" quite regularly. its a simple
transposition cypher.

~~~
glastra
Assuming they are continuously writing English text is quite the assumption.

~~~
hughperkins
i guess if we are hacking wifi, we probably know approximately which continent
they are in. but even if they are typing say pinyin, theres a spacebar between
each word, and three characters per word, seems like an obvious heuristic?

------
x0054
In a controlled environment this would work, just like any number of other
theoretical attacks. In the real world you have to consider people walking
through the room, user shifting their computer or tilting the screen. You also
have to account for other WiFi transmissions from other devices, and probably
a number of other things I can't think off right now. Plus, it would require
you to make keystroke maps for all kinds of laptops, since it wouldn't work in
a universal way. Every laptop would have it's own pattern.

If you have enough control over the environment and enough information about
the subject to make this effective, wouldn't it be easier to simply hide a
camera in the room? That said, it's a really cool idea!!! I wonder what kind
of other data could be pulled from a laptop by looking at it's EM emissions.

------
celticninja
Sounds like an updated version of van eck phreaking, however this seems to be
much more easily deployed on a wider scale. I think one issue of van eck
phreaking was the time it took to accomplish as well as the requirement that
you had close proximity to the monitor you wanted to read from.

------
RossBencina
The motion tracking method appears to be WiFi Channel State Information (CSI)
time series analysis using only a built-in WiFi NIC.

I wonder whether you could use the same technique to implement a Leap-Motion
style controller without any specialized motion tracking hardware.

------
xyproto
They still can't recognize æøå. Muhehehahaha!

~~~
collyw
Probably because none of those symbols are on a keyboard to type?

