Connect with us

Hi, what are you looking for?


Mobile & Wireless

Researchers Use WiFi Signals to Read Keystrokes

Wi-Fi signals can be exploited to recognize keystrokes and a system that can do so has been already created, a newly published research paper reveals.

Wi-Fi signals can be exploited to recognize keystrokes and a system that can do so has been already created, a newly published research paper reveals.

According to researchers at Michigan State University, and Nanjing University in China, the user’s movement over the keyboard generates a unique pattern in the time-series of Channel State Information (CSI) values. Moreover, researchers argue that a Wi-Fi signal based keystroke recognition system called WiKey can recognize typed keys based on CSI values at the Wi-Fi signal receiver end.

In their setup, researchers used two Commercial Off-The-Shelf (COTS) Wi-Fi devices: a sender (a TP-Link TL-WR1043ND WiFi router) and a receiver (a Lenovo X200 laptop). The sender continuously emits signals and the receiver continuously receives signals, while WiKey monitors the CSI values.

Wi-Fi IconAccording to the researchers, their system can achieve a detection rate of over 97.5% for keystrokes, and an accuracy of more than 96.4% when classifying single keys. Furthermore, researchers claim that, in real-world experiments, the WiKey system “can recognize keystrokes in a continuously typed sentence with an accuracy of 93.5%.”

The idea, the paper (PDF) reveals, is that user’s hands and fingers move in a unique formation and direction when typing a certain key, which generates a unique pattern in the time-series of CSI values, called CSI-waveform. Thus, researchers say, “the keystrokes for each key introduce relative unique multi-path distortions in WiFi signals and this uniqueness can be exploited to recognize keystrokes.”

The researchers argue that modern WiFi devices support high data rates, which means that the Wi-Fi cards can offer enough CSI values within the duration of a keystroke to create a high resolution CSI-waveform for each keystroke.

“When a human subject types in a keyboard, on the WiFi signal receiver end, WiKey recognizes the typed keys based on how the CSI value changes. CSI values quantify the aggregate effect of wireless phenomena such as fading, multi-paths, and Doppler shift on the wireless signals in a given environment. When the environment changes, such as a key is being pressed, the impact of these wireless phenomena on the wireless signals change, resulting in unique changes in the CSI values,” the paper reads.

The researchers reveal that there are three key technical challenges: to segment the CSI time series to identify the start time and end time of each keystroke; to extract distinguishing features for generating classification models for each of the 37 keys (10 digits, 26 alphabets and 1 space-bar); and to compare shape features of any two keystrokes.

Advertisement. Scroll to continue reading.

Once they figured how to overcome these challenges, the researchers were able to create WiKey, after which they went on to test its accuracy. The system was tested on datasets from 10 users (30 samples of each key from the first 9 users and 80 samples from the last user). The recognition accuracy for the 26 letters is greater compared to that of all 37 keys.

“WiKey achieves an overall keystroke recognition accuracy of 82.87% in case of 37 keys and 83.46% in case of 26 alphabetic keys when averaged over all keys and users. The accuracy of WiKey increases when the number of training samples per key are increased from 30 to 80,” researchers say.

When it comes to real-world testing, “WiKey achieves an average keystroke recognition accuracy of 77.43% for typed sentences when 30 training samples per key were used. WiKey achieves an average keystroke recognition accuracy of 93.47% in continuously typed sentences with 80 training samples per key,” researchers also say.

The system, however, has some limitations, including variations in environment, as it can work well only under relatively stable and controlled environments, researchers say. Human motion in surrounding areas, changes in orientation and distance of transceivers, typing speeds, and keyboard layout and size also influence the accuracy.

Related: Wireless Mouse/Keyboard Dongles Expose Computers to Attacks

Related: Data Theft From Air-Gapped Computers Possible via Cellular Frequencies 

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.