A joint team of researchers from Michigan State University and China’s Nanjing University successfully used an off-the-shelf computer and Wi-Fi equipment to track keystrokes pressed on a nearby keyboard by measuring the resulting distortions in Wi-Fi signal propagation.
The keystroke recognition technology, dubbed WiKey, takes keylogging to a whole new level, detecting keystrokes with 93.5% accuracy using only a $200 Lenovo X200 laptop, a $43 TP-Link WR1043ND Wi-Fi router, and the 802.11n/ac Wi-Fi protocol in a controlled environment.
WiKey distinguishes itself from previous motion and gesture detection technology through its sheer precision, zooming in on the subtle movements of each finger stroke. The trick lies in leveraging the Wi-Fi signal’s Channel State Information values to detect movements within a given area. Channel State Information (CSI), the channel properties of a communication link in wireless communication, describes the amount of scattering, fading, and power decay experienced by signals propagating from transmitters to receivers.
The technique can theoretically function as an attack vector for remotely stealing passwords typed in real time, but its creators see a much broader range of applications centered on human-computer interaction. According to researchers Kamran Ali, Alex X. Liu, Wei Wang, and Muhammad Shahzad, WiKey could serve as the basis for a new generation of user experience, enabling “zoom-in, zoom-out, scrolling, sliding, and rotating gestures for operating personal computers, gesture recognition for gaming consoles, in-home gesture recognition for operating various household devices, and applications such as writing and drawing in the air.”
Achieving WiKey’s 97.5% accuracy in the real world will take additional refinement. The controlled test environment was devoid of all movement save that of the test subject; in the real world, however, spaces will be populated by other people walking around or sitting nearby, in addition to other laptops.
For WiKey to detect the slightest variation in wireless channel activity, the researchers needed to take into account signal strength, the location of the keyboard, and what interference is occurring, where, and why. After measuring each variable, the team could obtain micro-movements using the router’s MIMO channels, that is, the router’s ability to use multiple antennas between a sender (router) and the receiver (WNIC) that pass multiple signals simultaneously across the same radio channel.
Described in more technical terms:
“Each MIMO channel between each transmit-receive antenna pair of a transmitter and receiver comprises of multiple subcarriers. These WiFi devices continuously monitor the state of the wireless channel to effectively transmit power allocations and rate adaptations for each MIMO stream such that the available capacity of the wireless channel is maximally utilized. These devices quantify the state of the channel in terms of CSI values. The CSI values essentially characterize the Channel Frequency Response for each subcarrier between each transmit-receive antenna pair.”
An already complex process is further complicated as the researchers must next filter out frequency changes (radio noise) and environmental movements not related to typing. The team then needs to take into account the time it takes to press the actual key. Finally, by associating values based on the data obtained using the process described above, the team can begin assigning number values to each typist’s keyboard using the graph below.
Under the best-controlled circumstances, where test subjects were limited to typing only one key per second and sentence length was constrained to no more than one and a half sentences, accuracy surged up to 97.5%. In what researchers described as a real-world scenario simulating multiple people moving within a confined space, WiKey was able to recognize the target's keystrokes with 77.5% accuracy.
Source: Threatpost.com via Sigmobile.org