Industry Updates

Windtalker Attack May Get Personal Info from Mobile Wifi

windtalkerThere’s a new attack vector to be worried about called “Windtalker.” It allows a hacker to take control of a WiFi hotspot and reverse-engineer keystrokes made by users who are typing via their touchscreens. While that sounds like magic, there are some simple principles involved, and the hackers are merely taking advantage of these.

One of the protocols used by WiFi signals is CSI, which stands for Channel State Information. These are simple radio waves, and when a user types on his or her touchscreen, each letter depressed slightly alters the CSI signal.

If these are intercepted, they then can be reverse-engineered to guess at the information the user in question was typing. This technique is most often to intercept passwords.
Windtalker is still in the earliest stages of its development, but already has a 68% accuracy. Even an inaccurate password guess is helpful, because the hackers can use this as a starting point, then use brute force methodologies to get the rest of the password in question.

This is grim news. Basically, it means that any time you use a public WiFi network, you are at risk.

It’s even worse from the perspective of a business owner, because if you offer your clients free WiFi as part of your service and a hacker intercepts his or her passwords while on your system, it becomes your problem.

The question, then, is what’s the current state of your firm’s digital security?

If you’re not sure, give us a call today. You’ll be speaking with a knowledgeable member of our team who will be happy to discuss your current situation, then analyze and assess your firm’s digital security.

If flaws or weak points are found, we’ll work with you to create a plan to bolster your data security and minimize your risks.