Echoes of Fingertip: Unveiling POS Terminal Passwords Through Wi-Fi Beamforming Feedback
Authors: Siyu Chen; Hongbo Jiang; Jingyang Hu; Tianyue Zheng; Mengyuan Wang; Zhu Xiao; Daibo Liu; Jun Luo
Journal: IEEE Transactions on Mobile Computing, vol. 24, no. 2, pp. 662-676
DOI: 10.1109/TMC.2024.3465564
Publication date: 2024-09-23
Publication type: Journal Article
Impact factor: 7.7 (JCR Q1, Computer Science, Information Systems)
Open access: no
URL: https://ieeexplore.ieee.org/document/10685549/
Citations: 0
Abstract
In recent years, point-of-sale (POS) terminals are no longer limited to wired connections, with many relying on Wi-Fi for data transmission. Although Wi-Fi offers the convenience of wireless connectivity, it introduces significant security vulnerabilities. This work presents a non-intrusive method for eavesdropping POS passwords via Wi-Fi sensing, named BeamThief. Instead of conventional Wi-Fi Channel State Information (CSI) readings, our approach employs Wi-Fi Beamforming Feedback Information (BFI) for an eavesdropping attack. Compared to CSI, which can only be extracted through intruding into the Access Point (AP) or from a limited selection of commercial Wi-Fi cards (e.g., Intel-5300), BFI readings can be more readily obtained from a broad array of commercial Wi-Fi devices. A key technological contribution of BeamThief is the development of an analysis model for predicting finger motion trajectories. This model is based on the physical relationship between BFI readings and finger motion, thus eliminating the need for extensive labeled training data. Furthermore, we employ Maximum Ratio Combining (MRC) to enhance the BFI series, ensuring performance across various scenarios. We implement BeamThief using everyday commercial Wi-Fi devices and conduct a series of experiments to assess the impact of this attack. Experimental results demonstrate that BeamThief achieves an accuracy rate of 79% in inferring 6-digit POS passwords within the top-100 attempts.
About the journal:
IEEE Transactions on Mobile Computing addresses key technical issues related to various aspects of mobile computing. This includes (a) architectures, (b) support services, (c) algorithm/protocol design and analysis, (d) mobile environments, (e) mobile communication systems, (f) applications, and (g) emerging technologies. Topics of interest span a wide range, covering aspects like mobile networks and hosts, mobility management, multimedia, operating system support, power management, online and mobile environments, security, scalability, reliability, and emerging technologies such as wearable computers, body area networks, and wireless sensor networks. The journal serves as a comprehensive platform for advancements in mobile computing research.