MuKI-Fi: Multi-Person Keystroke Inference With BFI-Enabled Wi-Fi Sensing

The contact-free sensing nature of Wi-Fi has been leveraged to achieve privacy breaches such as keystroke inference (KI). However, the use of channel state information (CSI) in existing attacks is highly questionable due to its signal instability and hardness to acquire. Moreover, such Wi-Fi-based attacks are confined to only one victim because Wi-Fi sensing offers insufficient range resolution to physically differentiate multiple victims. To this end, we propose MuKI-Fi to enable, for the first time, multi-person KI, leveraging beamforming feedback information (BFI), a new feature offered by latest Wi-Fi hardware, transmitted in clear-text by smartphones. BFI's characteristics, clear-text communication and signal stability, make it readily acquirable and usable by any other Wi-Fi devices switching to monitor mode without the need for low-level hacking on hardware. Moreover, to improve upon existing KI methods offering very limited generalizability across diversified application scenarios, MuKI-Fi innovates in an adversarial learning scheme to enable its inference generalizable towards unseen scenarios. Finally, we discover that, as a smartphone is in close proximity to a victim, the variations of BFI caused by that victim's keystrokes in such near-field substantially outweigh those caused by other distant victims; this phenomenon naturally allows for multi-person KI. Our extensive evaluations clearly demonstrate that MuKI-Fi can effectively eavesdrop on the keystrokes of multiple subjects, achieving 87.1% accuracy for individual keystrokes and up to 81% top-100 accuracy for stealing passwords from mobile applications(e.g., WeChat) on average.