Security Experts:

Researchers Use WiFi Signals to Read Keystrokes

Wi-Fi signals can be exploited to recognize keystrokes and a system that can do so has been already created, a newly published research paper reveals.

According to researchers at Michigan State University, and Nanjing University in China, the user’s movement over the keyboard generates a unique pattern in the time-series of Channel State Information (CSI) values. Moreover, researchers argue that a Wi-Fi signal based keystroke recognition system called WiKey can recognize typed keys based on CSI values at the Wi-Fi signal receiver end.

In their setup, researchers used two Commercial Off-The-Shelf (COTS) Wi-Fi devices: a sender (a TP-Link TL-WR1043ND WiFi router) and a receiver (a Lenovo X200 laptop). The sender continuously emits signals and the receiver continuously receives signals, while WiKey monitors the CSI values.

Wi-Fi IconAccording to the researchers, their system can achieve a detection rate of over 97.5% for keystrokes, and an accuracy of more than 96.4% when classifying single keys. Furthermore, researchers claim that, in real-world experiments, the WiKey system “can recognize keystrokes in a continuously typed sentence with an accuracy of 93.5%.”

The idea, the paper (PDF) reveals, is that user’s hands and fingers move in a unique formation and direction when typing a certain key, which generates a unique pattern in the time-series of CSI values, called CSI-waveform. Thus, researchers say, “the keystrokes for each key introduce relative unique multi-path distortions in WiFi signals and this uniqueness can be exploited to recognize keystrokes.”

The researchers argue that modern WiFi devices support high data rates, which means that the Wi-Fi cards can offer enough CSI values within the duration of a keystroke to create a high resolution CSI-waveform for each keystroke.

“When a human subject types in a keyboard, on the WiFi signal receiver end, WiKey recognizes the typed keys based on how the CSI value changes. CSI values quantify the aggregate effect of wireless phenomena such as fading, multi-paths, and Doppler shift on the wireless signals in a given environment. When the environment changes, such as a key is being pressed, the impact of these wireless phenomena on the wireless signals change, resulting in unique changes in the CSI values,” the paper reads.

The researchers reveal that there are three key technical challenges: to segment the CSI time series to identify the start time and end time of each keystroke; to extract distinguishing features for generating classification models for each of the 37 keys (10 digits, 26 alphabets and 1 space-bar); and to compare shape features of any two keystrokes.

Once they figured how to overcome these challenges, the researchers were able to create WiKey, after which they went on to test its accuracy. The system was tested on datasets from 10 users (30 samples of each key from the first 9 users and 80 samples from the last user). The recognition accuracy for the 26 letters is greater compared to that of all 37 keys.

“WiKey achieves an overall keystroke recognition accuracy of 82.87% in case of 37 keys and 83.46% in case of 26 alphabetic keys when averaged over all keys and users. The accuracy of WiKey increases when the number of training samples per key are increased from 30 to 80,” researchers say.

When it comes to real-world testing, “WiKey achieves an average keystroke recognition accuracy of 77.43% for typed sentences when 30 training samples per key were used. WiKey achieves an average keystroke recognition accuracy of 93.47% in continuously typed sentences with 80 training samples per key,” researchers also say.

The system, however, has some limitations, including variations in environment, as it can work well only under relatively stable and controlled environments, researchers say. Human motion in surrounding areas, changes in orientation and distance of transceivers, typing speeds, and keyboard layout and size also influence the accuracy.

Related: Wireless Mouse/Keyboard Dongles Expose Computers to Attacks

Related: Data Theft From Air-Gapped Computers Possible via Cellular Frequencies 

view counter