Always know you can trust the Wi-Fi network you’re connection to. Always.
There are lots of individual mechanisms for extracting a pin or password from a user without their knowledge. Some involve cameras, we’ve seen examples of guessing based on smudges on the screen, and of course if you have direct access to the phone itself there are other avenues. Adrian Croyler shared a new mechanism being used that relies on Wi-Fi interference from your hand, which is both fascinating and terrifying.
WiKey uses CSI waveform patterns to distinguish keystrokes on an external keyboard. WiPass detects graphical unlock passwords. But WindTalker is particularly effective because it doesn’t require any access to the victim’s phone, and works with regular mobile phones, and it piggy-backs on an existing wifi connection.
Now, there’s a lot of ifs and maybes in the current implementation of…