Description

Inferring which keys a user is typing on a keyboard from CSI fluctuations caused by finger and hand motion above the keys. The problem is the canonical worst-case privacy demonstration for WiFi sensing: a modest commodity NIC can recover keystrokes with surprisingly high per-key accuracy from across the room without the user's knowledge. It is niche in volume of follow-up work but heavily cited as evidence that "wireless sensing" is also "wireless side-channel attack".

Why it's hard (and why that matters)

  • Keystrokes are sub-second, low-energy events — recovery requires fine CSI temporal resolution.
  • Cross-keyboard, cross-user, and cross-environment transfer is poor in defensive terms (good for the user) and an active research problem in offensive terms.
  • The problem demonstrates that any deployed CSI-sensing system could be repurposed as a side-channel, which constrains acceptable deployments.
  • Mitigations (jammers, randomized typing, physical shielding) are awkward; the simplest defense is to disable CSI extraction at the AP.

Common approaches

  • CSI amplitude-and-phase per-key fingerprinting with classical classifiers.
  • Per-keyword recovery using language priors over recovered key sequences.
  • Channel-feature engineering tuned to the upper-band keystroke frequency.

Source Papers

  • ali2015_d284 Keystroke Recognition Using WiFi Signals (WiKey, MobiCom 2015).
  • wang2019_d6f9 — survey on human-behavior recognition using CSI.

4 vault papers address this problem

Titles and DOIs only — no abstracts, no analyses.

  • WiFi Sensing with Channel State Information 2020 DOI ↗
  • A Survey on Human Behavior Recognition Using Channel State Information 2019 DOI ↗
  • Keystroke Recognition Using WiFi Signals 2015 DOI ↗
  • Channel State Information from Pure Communication to Sense and Track Human Motion: A Survey 2019 DOI ↗