A new cyber threat, ominously named WiKI-Eve, has emerged on the cybersecurity scene, and it poses a significant risk to Wi-Fi users by exploiting a vulnerability in modern routers built since 2013. This attack, with a staggering 90% success rate in most recent routers, is causing concern among researchers and cybersecurity experts.
WiKI-Eve targets a vulnerability in the beamforming feedback information (BFI) technology, which has been a part of our routers since the introduction of 802.11ac, also known as Wi-Fi 5. The attack method essentially allows cybercriminals to eavesdrop on the communication between a device and a Wi-Fi router, intercepting clear-text data.
The research behind WiKI-Eve is a collaborative effort involving academics from two Chinese universities and one Singaporean university. Their findings reveal alarming statistics, with the attack achieving an impressive “88.9% inference accuracy for individual keystrokes and up to 65.8% top-10 accuracy for stealing passwords of mobile applications.”
One aspect that further exacerbates the issue is the prevalence of weak passwords. A separate study by SafetyDetectives reveals that 13 of the top 30 most commonly used passwords consist solely of numbers. This widespread use of numeric patterns in passwords makes it easier for attackers to compromise accounts.
The research paper describes WiKI-Eve as “the first WiFi-based hack-free keystroke eavesdropping system.” It highlights that the attacker’s device can be as inconspicuous as a mobile device that supports monitor mode using the Wi-Fi network interface card (NIC). This means that attackers can carry out these attacks with relatively minimal equipment.
To illustrate the potential risks, the researchers set up a real-world case study. In this scenario, they were able to access a victim’s WeChat Pay information on an iPhone, implying that compromised credentials and sensitive financial data could be at risk.
While real-world executions of such attacks are currently less common, the research underscores the critical need for improved wireless security. The WiKI-Eve vulnerability affects a wide range of routers in use today, making it a matter of urgency for both router manufacturers and users to take security measures seriously.
As more aspects of our daily lives become interconnected through Wi-Fi and other wireless technologies, safeguarding personal data and online activities from cyber threats like WiKI-Eve is of paramount importance. Strengthening wireless security protocols, updating router firmware, and promoting secure password practices are some of the measures that can help mitigate such threats. Cybersecurity experts and device manufacturers must collaborate to address these vulnerabilities and ensure the safety of users in an increasingly connected world.
