This New Exploit Can Steal Passwords Through Keystrokes

The theft of passwords can be disastrous because of the fact that this is the sort of thing that could potentially end up widespread loss of personal and private data. Malicious actors use a wide variety of techniques in order to get their hands on other people’s log in credentials, and a new security flaw revealed by Chinese and Singaporean researchers suggested that they can even detect keystrokes.

With all of that having been said and now out of the way, it is important to note that BFI (beamforming feedback information) is at the center of this new exploit. This refers to beamforming feedback information, allowing for more accurate location information, and directing signals specifically to the routers that requested them.

It turns out that a core component of BFI transmits this information in plain text, which makes it far easier to steal than might have been the case otherwise. Indeed, malicious actors might not even need to do any hacking or cracking to obtain the key to decrypt this data with all things having been considered and taken into account.

The researchers involved in this study are calling this Wiki-Eve, and it bears mentioning that it can detect keystrokes with as much as 88.9% accuracy. Furthermore, malicious actors don’t even need to install a rogue program which allows them to execute their attacks in greater quantities.

This is just the latest in a series of side-channel attacks that have come to the fore. Such attacks are placing an enormous strain on cybersecurity infrastructure, which is already facing considerable pushback from malicious actors around the world. The most important thing to remember here is that there is no telling where a new vulnerability might arise from, which makes it crucial to constantly check cybersecurity for gaps.

The only way to prevent Wiki-Eve from gleaning passwords through keystrokes is to encrypt the data that is sent through BFI. Failing to do so could lead to password theft becoming more commonplace. Using two factor authentication can also be seen as a positive step in the right direction since it creates an additional layer of security for all accounts.

Read next: Sick of Socially Engineered Attack Ads? This New Tool Might Be the Key
Previous Post Next Post