WiPOS: A POS Terminal Password Inference System Based on Wireless Signals

Zijian Zhang, Nurilla Avazov, Jiamou Liu, Bakh Khoussainov, Xin Li, Keke Gai, Liehuang Zhu*

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

12 Citations (Scopus)

Abstract

WiFi access points are sources of considerable security risks as the wireless signals have the potential to leak important private information such as passwords. This article examines the security issues posed by point-of-sale (POS) terminals which are widely used in WiFi-covered environments, such as restaurants, banks, and libraries. In particular, we envisage an attack model on passwords entered on POS terminals. We put forward the WiPOS, a password inference system based on wireless signals. Specifically, the WiPOS is a device-free system that uses two commercial off-the-shelf (COTS) devices to collect WiFi signals. Implementing a new keystroke segmentation algorithm and adopting support vector machine (SVM) classifiers with global alignment kernel (GAK), the WiPOS achieves improvement on both keystroke recognition and password prediction. The experimental results show that the WiPOS can achieve more than 73% accuracy for 6-digit password with the top 100 candidates. This article calls the community to take a closer look at the risks posed by the current ubiquitous WiFi devices.

Original languageEnglish
Article number9060824
Pages (from-to)7506-7516
Number of pages11
JournalIEEE Internet of Things Journal
Volume7
Issue number8
DOIs
Publication statusPublished - Aug 2020

Keywords

  • Channel state information
  • password
  • point of sale
  • support vector machine

Fingerprint

Dive into the research topics of 'WiPOS: A POS Terminal Password Inference System Based on Wireless Signals'. Together they form a unique fingerprint.

Cite this