Entering sensitive data on a smartphone screen
Researchers have worked out how to steal your passwords, PINs and pattern-lock swipes by analysing Wi-Fi signals to see how your fingers move on a smartphone screeniStock

US and Chinese security researchers have discovered that it is possible to detect a user's private information by studying the radio signals emitted to provide Wi-Fi internet coverage and how they interact with a person's body movements.

Researchers from Shanghai Jaio Tong University, the University of Massachusetts Boston and the University of South Florida have developed the WindTalker system, which can analyse sophisticated contemporary Wi-Fi networks and sneakily detect and record passwords by looking at the directions that radio waves travel to provide wireless internet coverage.

Older wireless routers only have one antenna to broadcast Wi-Fi signals around your home, but the latest internet routers now come with multiple antennas and a technology called Multiple Input, Multiple Output (MIMO), which enables routers to connect and transmit data from multiple devices simultaneously.

MIMO works by transmitting radio signals in different directions at particular angles in order to better detect where the devices connecting to the internet are located in a room. The antenna makes small changes every now and then to strengthen radio signals going in some directions, while signals going in other directions are cancelled out.

Because the routers are designed to detect and manage very small changes to the radio signals in order to make sure that your devices, computers, smart TVs and game consoles are always receiving the best-quality signal, the same technology can be exploited to track your hand as it swipes and types away on your smartphone screen.

Thanks to this ability of being able to triangulate a target using radio signals, Wi-Fi has previously been proven by MIT to work as 'X-ray vision', sensing and tracking a person's exact position through a wall.

Tracking how your fingers move on a smartphone screen

So when you swipe your Android smartphone lock-screen pattern, enter a PIN number or a password in an app, your finger movements alter the radio signal and the movements are imprinted into the signal, meaning that if hackers were controlling a public Wi-Fi access point that your device is connected to, they could then reverse-engineer the signal to figure out what sensitive data you may have typed into your phone.

The researchers set up a malicious public Wi-Fi access point consisting of $20 (£16) antennas, the attacker's laptop and a $5 Intel networking card in a café. The setup was located a metre away from a target sitting at a table with a smartphone.

Once the user connected to the free Wi-Fi, the WindTalker system was able to extract sensitive data by analysing the radio signals and processing the signals to separate the parts of the signal it needed.

WindTalker was able to accurately spy on and detect the six-digit passwords commonly used by banks and payment apps with an accuracy rate of 68.3%, that quickly rose to 81.7% once they provided their system with enough training examples for specific smartphone models.

The study, entitled When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals, is published in the Association of Computing Machinery's Proceedings of the 2016 ACM Conference on Computer and Communications Security that was held in Vienna, Austria, from 24-28 October.