A new cyberattack that is being called WiKI-Eve has been observed stealing certain passwords over Wi-Fi with a 90% success rate in most modern routers built since 2013.
The attack exploits a vulnerability in the beamforming feedback information (BFI) technology that has graced our routers since the introduction of 802.11ac, otherwise known as Wi-Fi 5.
The research, which comes from academics belonging to two Chinese universities and one Singaporean university, demonstrates how hackers can ‘overhear,’ thus intercept, the clear-text being transmitted between device and router.
Connected to Wi-Fi? Chances are, you may be at risk
According to the researchers, WiKI-Eve “achieves 88.9% inference accuracy for individual keystrokes and up to 65.8% top-10 accuracy for stealing passwords of mobile applications.”
A separate SafetyDetectives study shows 13 of the top 30 most commonly used passwords comprise just numbers, stating that “numeric patterns are worldwide favorites.”
The paper goes on to call WiKI-Eve “the first WiFi-based hack-free keystroke eavesdropping system,” adding that the device an attacker chooses to use can be as discrete as a mobile device that supports monitor mode by the Wi-Fi NIC.
Describing a hypothetical situation in which a victim harmlessly connects to a public network, the researchers state that a password securely entered into a legitimate site is not as secure as one would hope, thanks to this vulnerability introduced with Wi-Fi 5 routers.
In a bid to demonstrate just how easy it is for an attacker to obtain information about a user, the team goes on to set up a real-world case study where they are able to access a set-up victim’s WeChat Pay information when using an iPhone, alluding to compromised credentials and even information about the digital payment.
While the theoretical and lab-grown examples produce alarming results, real-world executions of such attacks are fortunately less common, however the study plays an important role in demonstrating the clear need for improved wireless security moving forward.
More from TechRadar Pro
This post originally appeared on TechToday.