WiPass: CSI-based Keystroke Recognition for Numerical Keypad of Smartphones

Abstract

Nowadays, smartphones are everywhere. They play an indispensable role in our lives and makes people convenient to communicate, pay, socialize, etc. However, they also bring a lot of security and privacy risks. Keystroke operations of numeric keypad are often required when users input password to perform mobile payment or input other privacy-sensitive information. Different keystrokes may cause different finger movements that will bring different interference to WiFi signal, which may be reflected by channel state information (CSI). In this paper, we propose WiPass, a password-keystroke recognition system for numerical keypad input on smartphones, which especially occurs frequently in mobile payment APPs. Based on only a public WiFi hotspot deployed in the victim payment scenario, WiPass would extracts and analyzes the CSI data generated by the password-keystroke operation of the smartphone user, and infers the user's payment password by comparing the CSI waveforms of different keystrokes. We implemented the WiPass system by using COTS WiFi AP devices and smartphones. The average keystroke segmentation accuracy was 80.45%, and the average keystroke recognition accuracy was 74.24%.