Echoes of Fingertip: Unveiling POS Terminal Passwords Through Wi-Fi Beamforming Feedback

Siyu Chen, Hongbo Jiang, Jingyang Hu, Tianyue Zheng, Mengyuan Wang, Zhu Xiao, Daibo Liu, Jun Luo
DOI: https://doi.org/10.1109/tmc.2024.3465564
IF: 6.075
2024-01-01
IEEE Transactions on Mobile Computing
Abstract: In recent years, point-of-sale (POS) terminals are no longer limited to wired connections, with many relying on Wi-Fi for data transmission. Although Wi-Fi offers the convenience of wireless connectivity, it introduces significant security vulnerabilities. This work presents a non-intrusive method for eavesdropping POS passwords via Wi-Fi sensing, named ${\sf BeamThief}$. Instead of conventional Wi-Fi Channel State Information (CSI) readings, our approach employs Wi-Fi Beamforming Feedback Information (BFI) for an eavesdropping attack. Compared to CSI, which can only be extracted by intruding into the Access Point (AP) or from a limited selection of commercial Wi-Fi cards (e.g., Intel-5300), BFI readings can be more readily obtained from a broad array of commercial Wi-Fi devices. A key technological contribution of ${\sf BeamThief}$ is the development of an analysis model for predicting finger motion trajectories. This model is based on the physical relationship between BFI readings and finger motion, thus eliminating the need for extensive labeled training data. Furthermore, we employ Maximum Ratio Combining (MRC) to enhance the BFI series, ensuring performance across various scenarios. We implement ${\sf BeamThief}$ using everyday commercial Wi-Fi devices and conduct a series of experiments to assess the impact of this attack. Experimental results demonstrate that ${\sf BeamThief}$ achieves an accuracy rate of 79% in inferring 6-digit POS passwords within the top-100 attempts.