pith. sign in

arxiv: 2605.04570 · v1 · submitted 2026-05-06 · 💻 cs.CR

PINSIGHT: A Comprehensive Threat Exploration of Domain-Adaptive Wi-Fi based PIN Code Inference

Johannes Kortz , Paul Staat , Christof Paar , Christian Zenger This is my paper

Pith reviewed 2026-05-08 17:38 UTC · model grok-4.3

classification 💻 cs.CR
keywords Wi-Fi sensingPIN inferenceside-channel attackdomain adaptationthreat evaluationrobotic platformgeneralization performance
0
0 comments X

The pith

Wi-Fi PIN inference attacks generalize across environments but fail when typing variations occur, making reported accuracies unrepresentative of real-world threats.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces PINSIGHT, a methodology using a robotic typing platform to isolate how Wi-Fi signals change due to environment versus due to the act of typing PIN codes. It evaluates existing attacks and finds they handle new rooms or setups well but lose accuracy when the radio signature of keystrokes differs, as happens with different people or keyboards. This separation shows that prior claims of environment-independent high performance rely on conditions not present in actual attacks. Readers should care because it means these side-channel threats to PIN security may be less severe than lab results suggest, prompting better evaluation of such attacks.

Core claim

Using a robotic typing platform to generate repeatable keystrokes while varying the environment in controlled ways, the authors create a benchmark dataset. State-of-the-art Wi-Fi PIN inference methods generalize reliably across environmental changes but degrade substantially when the channel encoding of the typing action itself shifts, which defines realistic attack scenarios with varying users and devices. Therefore, previously reported high accuracies do not reflect the actual real-world threat.

What carries the argument

The robotic typing platform that enables separation of environmental variation effects from PIN code typing effects in Wi-Fi channel estimations.

If this is right

  • Attacks can adapt to changes in the surrounding environment.
  • Performance drops when the encoding of typing in the channel changes.
  • The state-of-the-art performance is not representative of real-world conditions.
  • This provides the first benchmark dataset for environment generalization in Wi-Fi PIN inference.
  • Future assessments must consider shifts in typing-induced radio effects.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Attacks may need training data from multiple users and devices to improve real-world performance.
  • Physical security measures around PIN entry could focus less on Wi-Fi eavesdropping if typing variations are hard to model.
  • Similar domain adaptation issues might exist in other Wi-Fi sensing applications like gesture recognition.

Load-bearing premise

The robotic typing platform produces keystroke events whose radio-wave effects are representative of human typing variations across users and devices.

What would settle it

Measure attack accuracy on human-typed PINs in varied environments and compare to the robotic platform results; if human typing causes even lower accuracy, it confirms the degradation.

Figures

Figures reproduced from arXiv: 2605.04570 by Christian Zenger, Christof Paar, Johannes Kortz, Paul Staat.

Figure 1
Figure 1. Figure 1: Illustration of signal propagation and Wi-Fi based PIN inference using BFI in the WiKI-Eve approach [25]. view at source ↗
Figure 3
Figure 3. Figure 3: Timeseries of BFI averaged over all subcarrier fre￾quencies for 30 repeated entries of the same PIN, showing high repeatability and the effect of randomized start and end positions. antenna testing [16, 30]. The combination of robotic arm and EM phantom hand is depicted in view at source ↗
Figure 4
Figure 4. Figure 4: The PINsight dataset for benchmarking cross￾domain Wi-Fi-based PIN code inference. With repeatable typing and controlled domain variation, it enables targeted ablation studies and rigorous threat assessment. 0 2 4 6 Time [s] 0.0 0.2 0.4 Amplitude 4 6 7 9 4 6 0 2 4 6 Time [s] 4 6 7 9 4 6 0 2 4 6 Time [s] 4 6 7 9 4 6 (a) Left to right: rooms 3, 4, and 10 with router position 1 0 2 4 6 Time [s] 0.0 0.2 0.4 Am… view at source ↗
Figure 5
Figure 5. Figure 5: Amplitude time series for PIN 467946 across three rooms and two router positions. Notably, rooms 3 and 4 ex￾hibit similar patterns. 4.4 Large-Scale Domain Variation Dataset We use the setup described above to collect the PINsight dataset, the first large-scale dataset explicitly designed for evaluating do￾main variation in Wi-Fi-based PIN code inference attacks. The dataset spans 960 domains across 16 room… view at source ↗
Figure 6
Figure 6. Figure 6: Architecture of our WiKI-Eve inspired digit predic view at source ↗
Figure 8
Figure 8. Figure 8: Generalization performance across individual held view at source ↗
Figure 11
Figure 11. Figure 11: Comparison of (a) domain adaptation methods view at source ↗
Figure 10
Figure 10. Figure 10: Evaluation of how data properties affect PIN code view at source ↗
Figure 12
Figure 12. Figure 12: Effect of external influences during the attack: (a) view at source ↗
Figure 15
Figure 15. Figure 15: Effect of reference sample selection on attacker view at source ↗
Figure 16
Figure 16. Figure 16: The accuracy of the model drops to 2.5% when the view at source ↗
Figure 17
Figure 17. Figure 17: Domain transfer performance of WindTalker. As view at source ↗
read the original abstract

Wi-Fi signals can be exploited by adversaries as a sensing side channel to eavesdrop on physical information. By monitoring propagation effects of radio waves within the victim's environment, attackers can remotely infer sensitive information. One particularly concerning example is PIN code inference, where the attacker faces the challenge of mapping Wi-Fi physical-layer channel estimations back into typed digits. While effective in their training environment, such attacks typically fail as soon as they are deployed in unseen environments. The current state-of-the-art attack, WiKI-Eve, attempts to overcome this problem using a deep-learning approach, reporting high PIN code inference accuracy independent of environments, devices, and users. While this suggests a significant real-world threat, it is not well understood how far the attack actually reaches, nor what its underlying generalization performance is based on. In this work, we close this gap by presenting PINSIGHT, a novel methodology that separates the effects of environmental variation and PIN code typing. This enables the first rigorous threat assessment of such attacks, evaluating their generalization capabilities and limitations. Our approach leverages a robotic typing platform that produces highly repeatable keystroke events across systematically varied environment changes [...]. This dataset constitutes the first benchmark for environment generalization in Wi-Fi PIN code inference attacks. Evaluating several state-of-the-art methods, we find that attacks generalize reliably across changes in the surrounding environment but degrade substantially when the channel's encoding of typing itself shifts - precisely the condition that defines a realistic attack scenario. We conclude that the reported performance of current state-of-the-art Wi-Fi PIN inference attacks is not representative of the actual real-world threat.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 1 minor

Summary. The paper introduces PINSIGHT, a methodology that uses a robotic typing platform to create a controlled benchmark dataset separating environmental variations from typing-induced changes in Wi-Fi CSI for PIN code inference attacks. It evaluates several SOTA methods (including WiKI-Eve) on this dataset and reports that attacks generalize reliably across environment changes but degrade substantially when the channel encoding of typing shifts, leading to the conclusion that reported SOTA performance is not representative of real-world threats.

Significance. If the robotic platform's keystroke signatures are shown to statistically match human typing variability, this provides the first rigorous, controlled benchmark for assessing generalization limits in Wi-Fi-based side-channel attacks on PIN entry. It supplies falsifiable empirical evidence that current claims of environment-independent performance do not extend to realistic typing shifts, which could guide both attack improvements and defensive research in wireless sensing security.

major comments (1)
  1. [Methodology (robotic typing platform and dataset construction)] The central claim that degradation occurs 'when the channel's encoding of typing itself shifts' (abstract) and that this defines a realistic attack scenario rests on the unverified assumption that the robotic platform's repeatable keystrokes produce CSI perturbations whose distribution matches human typing variations (pressure, timing jitter, finger angle, device resonance). No quantitative comparison or validation experiment against human data is described; if the robot signatures are narrower or artifactual, the observed non-generalization could be platform-specific rather than a fundamental channel property. This is load-bearing for the threat-assessment conclusion.
minor comments (1)
  1. [Abstract / Introduction] The abstract states that the dataset is 'the first benchmark' but does not cite or compare against any prior Wi-Fi CSI datasets used for keystroke or PIN inference; a brief related-work paragraph on existing CSI keystroke corpora would clarify novelty.

Simulated Author's Rebuttal

1 responses · 0 unresolved

We thank the referee for the constructive and detailed feedback on our manuscript. We address the major comment below and outline the revisions we will make.

read point-by-point responses

  1. Referee: The central claim that degradation occurs 'when the channel's encoding of typing itself shifts' (abstract) and that this defines a realistic attack scenario rests on the unverified assumption that the robotic platform's repeatable keystrokes produce CSI perturbations whose distribution matches human typing variations (pressure, timing jitter, finger angle, device resonance). No quantitative comparison or validation experiment against human data is described; if the robot signatures are narrower or artifactual, the observed non-generalization could be platform-specific rather than a fundamental channel property. This is load-bearing for the threat-assessment conclusion.

    Authors: We acknowledge that the manuscript does not include a quantitative validation comparing the distribution of CSI perturbations from the robotic platform to human typing data. The robotic platform was selected specifically to achieve high repeatability and precise control over keystroke parameters, enabling the isolation of environmental effects from typing-induced variations as described in Section 3. This controlled setup addresses a key challenge in prior work where human variability confounds such separation. However, we agree that without explicit statistical matching to human data (e.g., on pressure, timing jitter, or finger angle), the observed degradation when typing encoding shifts could include platform-specific artifacts. In the revised manuscript, we will add a dedicated paragraph in the 'Limitations and Future Work' section that explicitly states this assumption, discusses the potential differences between robotic and human keystroke signatures, and clarifies that our conclusions apply to the controlled benchmark while noting that real-world human typing may introduce additional variability. We will also update the abstract and conclusion to temper the threat-assessment language accordingly. These changes will be made without requiring new data collection. revision: partial

Circularity Check

0 steps flagged

No circularity: empirical benchmark evaluation is self-contained

full rationale

The paper presents an experimental methodology that creates a robotic typing dataset to isolate environmental versus typing-induced channel variations, then directly measures degradation of existing Wi-Fi PIN inference attacks on that dataset. No mathematical derivation, fitted parameter renamed as prediction, or self-citation chain is invoked to reach the central claim; the conclusion follows from observed performance differences between controlled environment shifts and typing shifts. The robotic platform is an input assumption whose validity can be externally tested, but it does not create a self-referential loop in any claimed derivation.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

No mathematical derivations or new physical entities are introduced; the work is an empirical threat assessment relying on standard assumptions of wireless channel modeling and machine-learning evaluation.

pith-pipeline@v0.9.0 · 5594 in / 1184 out tokens · 40390 ms · 2026-05-08T17:38:55.856705+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

55 extracted references · 55 canonical work pages

  1. [1]

    [n. d.]. IEEE Standard for Information technology—Telecommunications and information exchange between systems Local and metropolitan area networks— Specific requirements - Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. doi:10.1109/IEEESTD.2016.7786995

    work page doi:10.1109/ieeestd.2016.7786995 2016

  2. [2]

    [n. d.]. PINsight: Code Repository and Dataset. To be announced

    work page

  3. [3]

    GitHub - Nest-Fi/WiKI-Eve

    2023. GitHub - Nest-Fi/WiKI-Eve. https://github.com/Nest-Fi/WiKI-Eve (ac- cessed: April 29, 2026)

    work page 2023

  4. [4]

    Heba Abdelnasser, Moustafa Youssef, and Khaled A. Harras. 2015. WiGest: A ubiquitous WiFi-based gesture recognition system. In2015 IEEE Conference on Computer Communications (INFOCOM) (INFOCOM ’15). 1472–1480. doi:10.1109/ INFOCOM.2015.7218525

    work page arXiv 2015

  5. [5]

    Ali Abedi, Haofan Lu, Alex Chen, Charlie Liu, and Omid Abari. 2024. WiFi Physical Layer Stays Awake and Responds When it Should Not.IEEE Internet of Things Journal11, 3 (Feb. 2024), 4483–4496. doi:10.1109/JIOT.2023.3300788

    work page doi:10.1109/jiot.2023.3300788 2024

  6. [6]

    Liu, Wei Wang, and Muhammad Shahzad

    Kamran Ali, Alex X. Liu, Wei Wang, and Muhammad Shahzad. 2015. Keystroke Recognition Using WiFi Signals. InProceedings of the 21st Annual International Conference on Mobile Computing and Networking (MobiCom ’15). ACM, Paris, France, 90–102. doi:10.1145/2789168.2790109

    work page doi:10.1145/2789168.2790109 2015

  7. [7]

    Liu, Wei Wang, and Muhammad Shahzad

    Kamran Ali, Alex X. Liu, Wei Wang, and Muhammad Shahzad. 2017. Recognizing Keystrokes Using WiFi Devices.IEEE Journal on Selected Areas in Communications 35, 5 (May 2017), 1175–1190. doi:10.1109/jsac.2017.2680998

    work page doi:10.1109/jsac.2017.2680998 2017

  8. [8]

    Wi-Fi Alliance. 2025. Powering a connected world: Wi-Fi®momentum in

    work page 2025

  9. [9]

    https://www.wi-fi.org/beacon/the-beacon/powering-connected-world- wi-fi-momentum-2025 (accessed: April 29, 2026)

    work page 2025

  10. [10]

    Arijit Banerjee, Dustin Maas, Maurizio Bocca, Neal Patwari, and Sneha Kasera

    work page

  11. [11]

    InProceedings of the 2014 ACM Conference on Security and Privacy in Wireless & Mobile Networks (WiSec ’14)

    Violating Privacy through Walls by Passive Monitoring of Radio Windows. InProceedings of the 2014 ACM Conference on Security and Privacy in Wireless & Mobile Networks (WiSec ’14). ACM, Oxford, United Kingdom, 69–80. doi:10. 1145/2627393.2627418

    work page arXiv 2014

  12. [12]

    Suryoday Basak and Mahanth Gowda. 2022. mmSpy: Spying Phone Calls using mmWave Radars. In2022 IEEE Symposium on Security and Privacy (SP). IEEE, San Francisco, CA, USA, 1211–1228. doi:10.1109/SP46214.2022.9833568

    work page doi:10.1109/sp46214.2022.9833568 2022

  13. [13]

    Chen Chen, Gang Zhou, and Youfang Lin. 2023. Cross-Domain WiFi Sensing with Channel State Information: A Survey.Comput. Surveys55, 11 (Nov. 2023), 1–37. doi:10.1145/3570325

    work page doi:10.1145/3570325 2023

  14. [14]

    Siyu Chen, Hongbo Jiang, Jingyang Hu, Zhu Xiao, and Daibo Liu. 2024. Silent Thief: Password Eavesdropping Leveraging Wi-Fi Beamforming Feedback from POS Terminal. InIEEE INFOCOM 2024 - IEEE Conference on Computer Communi- cations. 321–330. doi:10.1109/INFOCOM52122.2024.10621321

    work page doi:10.1109/infocom52122.2024.10621321 2024

  15. [15]

    Siyu Chen, Hongbo Jiang, Jingyang Hu, Tianyue Zheng, Mengyuan Wang, Zhu Xiao, Daibo Liu, and Jun Luo. 2024. Echoes of Fingertip: Unveiling POS Terminal Passwords Through Wi-Fi Beamforming Feedback.IEEE Transactions on Mobile Computing(2024), 1–14. doi:10.1109/TMC.2024.3465564

    work page doi:10.1109/tmc.2024.3465564 2024

  16. [16]

    Yanjiao Chen, Runmin Ou, Zhiyang Li, and Kaishun Wu. 2020. WiFace: Fa- cial Expression Recognition Using Wi-Fi Signals.IEEE Transactions on Mobile Computing(2020), 1–1. doi:10.1109/TMC.2020.3001989

    work page doi:10.1109/tmc.2020.3001989 2020

  17. [17]

    2008.Bistatic Radar: Emerging Technology

    Mikhail Cherniakov. 2008.Bistatic Radar: Emerging Technology. John Wiley & Sons, Chichester, England

    work page 2008

  18. [18]

    Andreas Christ, Adrian Aeschbacher, Fereshteh Rouholahnejad, Theodoros Sama- ras, Bernadetta Tarigan, and Niels Kuster. 2021. Reflection Properties of the Human Skin From 40 to 110 GHz: A Confirmation Study.Bioelectromagnetics42, 7 (Oct. 2021), 562–574. doi:10.1002/bem.22362

    work page doi:10.1002/bem.22362 2021

  19. [19]

    Roberto Cipolla, Yarin Gal, and Alex Kendall. 2018. Multi-task Learning Us- ing Uncertainty to Weigh Losses for Scene Geometry and Semantics. In2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition. 7482–7491. doi:10.1109/CVPR.2018.00781

    work page doi:10.1109/cvpr.2018.00781 2018

  20. [20]

    Song Fang, Ian Markwood, Yao Liu, Shangqing Zhao, Zhuo Lu, and Haojin Zhu

    work page

  21. [21]

    InProceedings of the 2018 ACM SIGSAC Conference on Computer and Communi- cations Security

    No Training Hurdles: Fast Training-Agnostic Attacks to Infer Your Typing. InProceedings of the 2018 ACM SIGSAC Conference on Computer and Communi- cations Security. ACM, Toronto Canada, 1747–1760. doi:10.1145/3243734.3243755

    work page doi:10.1145/3243734.3243755 2018

  22. [22]

    Yaroslav Ganin and Victor Lempitsky. 2015. Unsupervised Domain Adaptation by Backpropagation. InProceedings of the 32nd International Conference on Machine Learning (Proceedings of Machine Learning Research, Vol. 37), Francis Bach and David Blei (Eds.). PMLR, Lille, France, 1180–1189. https://proceedings.mlr.press/ v37/ganin15.html

    work page 2015

  23. [23]

    Francesco Gringoli, Matthias Schulz, Jakob Link, and Matthias Hollick. 2019. Free Your CSI: A Channel State Information Extraction Platform For Modern Wi-Fi Chipsets. InProceedings of the 13th International Workshop on Wireless Network Testbeds, Experimental Evaluation & Characterization (WiNTECH ’19). 21–28. https://doi.org/10.1145/3349623.3355477

    work page doi:10.1145/3349623.3355477 2019

  24. [24]

    Ishaan Gulrajani and David Lopez-Paz. 2021. In Search of Lost Domain Generalization. InInternational Conference on Learning Representations (ICLR). https://iclr.cc/virtual/2021/poster/2998

    work page 2021

  25. [25]

    Daniel Halperin, Wenjun Hu, Anmol Sheth, and David Wetherall. 2011. Tool Re- lease: Gathering 802.11n Traces with Channel State Information.ACM SIGCOMM Computer Communication Review41, 1 (2011), 53

    work page 2011

  26. [26]

    Khandaker Foysal Haque, Francesca Meneghello, and Francesco Restuccia. 2023. Wi-BFI: Extracting the IEEE 802.11 Beamforming Feedback Information from Commercial Wi-Fi Devices. InProceedings of the 17th ACM Workshop on Wireless Network Testbeds, Experimental evaluation & Characterization. ACM, Madrid Spain, 104–111. doi:10.1145/3615453.3616514

    work page doi:10.1145/3615453.3616514 2023

  27. [27]

    Khandaker Foysal Haque, Milin Zhang, Francesca Meneghello, and Francesco Restuccia. 2023. BeamSense: Rethinking Wireless Sensing with MU-MIMO Wi-Fi Beamforming Feedback. doi:10.48550/ARXIV.2303.09687

    work page doi:10.48550/arxiv.2303.09687 2023

  28. [28]

    Jingyang Hu, Hongbo Wang, Tianyue Zheng, Jingzhi Hu, Zhe Chen, Hongbo Jiang, and Jun Luo. 2023. Password-Stealing without Hacking: Wi-Fi Enabled Practical Keystroke Eavesdropping. InProceedings of the 2023 ACM SIGSAC Con- ference on Computer and Communications Security. ACM, Copenhagen Denmark, 239–252. doi:10.1145/3576915.3623088

    work page doi:10.1145/3576915.3623088 2023

  29. [29]

    IEEE 802.11 working group. 2025. IEEE P802.11 - TASK GROUP BF (WLAN SENSING). https://www.ieee802.org/11/Reports/tgbf_update.htm (accessed: April 29, 2026)

    work page 2025

  30. [30]

    Chenghan Jiang, Jinjiang Yang, Xinyi Li, Qi Li, Xinyu Zhang, and Ju Ren. 2024. RISiren: Wireless Sensing System Attacks via Metasurface. InProceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. ACM, Salt Lake City, USA

    work page 2024

  31. [31]

    Wenqiang Jin, Srinivasan Murali, Huadi Zhu, and Ming Li. 2021. Periscope: A Keystroke Inference Attack Using Human Coupled Electromagnetic Ema- nations. InProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. ACM, Virtual Event Republic of Korea, 700–714. doi:10.1145/3460120.3484549

    work page doi:10.1145/3460120.3484549 2021

  32. [32]

    Prannay Khosla, Piotr Teterwak, Chen Wang, Aaron Sarna, Yonglong Tian, Phillip Isola, Aaron Maschinot, Ce Liu, and Dilip Krishnan. 2020. Supervised Contrastive Learning. InAdvances in Neural Information Processing Systems, H. Larochelle, M. Ranzato, R. Hadsell, M.F. Balcan, and H. Lin (Eds.), Vol. 33. Curran Associates, Inc., 18661–18673. https://proceedi...

    work page 2020

  33. [33]

    Chung-Huan Li, Erdem Ofli, Nicolas Chavannes, and Niels Kuster. 2009. Effects of Hand Phantom on Mobile Phone Antenna Performance.IEEE Transactions on Antennas and Propagation57, 9 (2009), 2763–2770. doi:10.1109/TAP.2009.2027081

    work page doi:10.1109/tap.2009.2027081 2009

  34. [34]

    Mengyuan Li, Yan Meng, Junyi Liu, Haojin Zhu, Xiaohui Liang, Yao Liu, and Na Ruan. 2016. When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals. InProceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS ’16). ACM, Vienna Austria, 1068–1079. doi:10.1145/2976749.2978397

    work page doi:10.1145/2976749.2978397 2016

  35. [35]

    Eldar, and Stefano Buzzi

    Fan Liu, Yuanhao Cui, Christos Masouros, Jie Xu, Tony Xiao Han, Yonina C. Eldar, and Stefano Buzzi. 2022. Integrated Sensing and Communications: Toward Dual- Functional Wireless Networks for 6G and Beyond.IEEE Journal on Selected Areas in Communications40, 6 (June 2022), 1728–1767. doi:10.1109/JSAC.2022.3156632

    work page doi:10.1109/jsac.2022.3156632 2022

  36. [36]

    Mingsheng Long, Yue Cao, Jianmin Wang, and Michael Jordan. 2015. Learning Transferable Features with Deep Adaptation Networks. InProceedings of the 32nd International Conference on Machine Learning (Proceedings of Machine Learning Research, Vol. 37), Francis Bach and David Blei (Eds.). PMLR, Lille, France, 97–105. https://proceedings.mlr.press/v37/long15.html

    work page 2015

  37. [37]

    J. Luo, H. Cao, H. Jiang, Y. Yang, and Z. Chen. 2024. MIMOCrypt: Multi-User Privacy-Preserving Wi-Fi Sensing via MIMO Encryption. In2024 IEEE symposium on security and privacy (SP). IEEE, San Francisco, CA, USA. doi:10.1109/SP54263. 2024.00025

    work page doi:10.1109/sp54263 2024

  38. [38]

    Yongsen Ma, Gang Zhou, and Shuangquan Wang. 2019. WiFi Sensing with Channel State Information: A Survey.Comput. Surveys52, 3 (2019), 1–36. doi:10. 1145/3310194

    work page 2019

  39. [39]

    Yan Meng, Jinlei Li, Haojin Zhu, Xiaohui Liang, Yao Liu, and Na Ruan. 2020. Revealing Your Mobile Password via WiFi Signals: Attacks and Countermeasures. IEEE Transactions on Mobile Computing19, 2 (Feb. 2020), 432–449. doi:10.1109/ tmc.2019.2893338

    work page arXiv 2020

  40. [40]

    Rohith Reddy Vennam, Ish Kumar Jain, Kshitiz Bansal, Joshua Orozco, Puja Shukla, Aanjhan Ranganathan, and Dinesh Bharadia. 2023. mmSpoof: Resilient Spoofing of Automotive Millimeter-wave Radars using Reflect Array. In2023 IEEE Symposium on Security and Privacy (SP). IEEE, San Francisco, CA, USA, 1807–1821. doi:10.1109/SP46215.2023.10179371

    work page doi:10.1109/sp46215.2023.10179371 2023

  41. [41]

    Xingfa Shen, Zhenxian Ni, Lili Liu, Jian Yang, and Kabir Ahmed. 2021. WiPass: 1D-CNN-based smartphone keystroke recognition Using WiFi signals.Pervasive and Mobile Computing73 (June 2021), 101393. doi:10.1016/j.pmcj.2021.101393 Kortz et al

    work page doi:10.1016/j.pmcj.2021.101393 2021

  42. [42]

    Zhang Shichen. 2025. RadSee: See Your Handwriting Through Walls Using FMCW Radar. InNDSS 2025 (NDSS ’25). Internet Society, San Diego, California, USA. https://www.cse.msu.edu/~caozc/papers/ndss25-zhang.pdf

    work page 2025

  43. [43]

    Paul Staat, Simon Mulzer, Stefan Roth, Veelasha Moonsamy, Markus Heinrichs, Rainer Kronberger, Aydin Sezgin, and Christof Paar. 2022. IRShield: A Coun- termeasure Against Adversarial Physical-Layer Wireless Sensing. In2022 IEEE Symposium on Security and Privacy (SP). 1705–1721. doi:10.1109/SP46214.2022. 9833676

    work page doi:10.1109/sp46214.2022 2022

  44. [44]

    Simon Tewes, Markus Heinrichs, Rainer Kronberger, and Aydin Sezgin. 2022. IRS-Enabled Breath Tracking With Colocated Commodity WiFi Transceivers. IEEE Internet of Things Journal10, 8 (2022), 6870–6886. https://ieeexplore.ieee. org/abstract/document/9978609/

    work page arXiv 2022

  45. [45]

    Deepak Vasisht, Swarun Kumar, and Dina Katabi. 2016. Decimeter-Level Lo- calization with a Single WiFi Access Point. InProceedings of the 13th Usenix Conference on Networked Systems Design and Implementation (NSDI ’16). USENIX Association, Santa Clara, CA, 165—178

    work page 2016

  46. [46]

    Hongbo Wang, Jingyang Hu, Tianyue Zheng, Jingzhi Hu, Zhe Chen, Hongbo Jiang, Yuanjin Zheng, and Jun Luo. 2024. MuKI-Fi: Multi-Person Keystroke Infer- ence With BFI-Enabled Wi-Fi Sensing.IEEE Transactions on Mobile Computing 23, 10 (Oct. 2024), 9835–9850. doi:10.1109/TMC.2024.3368339

    work page doi:10.1109/tmc.2024.3368339 2024

  47. [47]

    Rui Xiao, Xiankai Chen, Yinghui He, Jun Han, and Jinsong Han. 2025. Lend Me Your Beam: Privacy Implications of Plaintext Beamforming Feedback in WiFi. In Proceedings 2025 Network and Distributed System Security Symposium. Internet Society, San Diego, CA, USA. doi:10.14722/ndss.2025.240005

    work page doi:10.14722/ndss.2025.240005 2025

  48. [48]

    Yaxiong Xie, Zhenjiang Li, and Mo Li. 2015. Precise Power Delay Profiling with Commodity WiFi. InProceedings of the 21st Annual International Conference on Mobile Computing and Networking (MobiCom ’15). ACM, Paris, France, 53–64

    work page 2015

  49. [49]

    Edwin Yang, Song Fang, Ian Markwood, Yao Liu, Shangqing Zhao, Zhuo Lu, and Haojin Zhu. 2022. Wireless Training-Free Keystroke Inference Attack and Defense.IEEE/ACM Transactions on Networking30, 4 (Aug. 2022), 1733–1748. doi:10.1109/tnet.2022.3147721

    work page doi:10.1109/tnet.2022.3147721 2022

  50. [50]

    Edwin Yang, Qiuye He, and Song Fang. 2022. WINK: Wireless Inference of Numerical Keystrokes via Zero-Training Spatiotemporal Analysis. InProceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. ACM, Los Angeles, CA, USA, 3033–3047. doi:10.1145/3548606.3559339

    work page doi:10.1145/3548606.3559339 2022

  51. [51]

    Enze Yi, Dan Wu, Jie Xiong, Fusang Zhang, Kai Niu, Wenwei Li, and Daqing Zhang. 2024. BFMSense: WiFi sensing using beamforming feedback matrix. In Proceedings of the 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI ’24). 1697–1712

    work page 2024

  52. [52]

    Yi Zhu, Chenglin Miao, Hongfei Xue, Zhengxiong Li, Yunnan Yu, Wenyao Xu, Lu Su, and Chunming Qiao. 2023. TileMask: A Passive-Reflection-based Attack against mmWave Radar Object Detection in Autonomous Driving. InProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security (CCS ’23). ACM, Copenhagen Denmark, 1317–1331

    work page 2023

  53. [53]

    Jie Zhang, Xiaolong Zheng, Zhanyong Tang, Tianzhang Xing, Xiaojiang Chen, Dingyi Fang, Rong Li, Xiaoqing Gong, and Feng Chen. 2016. Privacy Leakage in Mobile Sensing: Your Unlock Passwords Can Be Leaked through Wireless Hotspot Functionality.Mobile Information Systems2016 (2016), 1–14. doi:10. 1155/2016/8793025

    work page 2016

  54. [54]

    Hai Zhu, Enlai Dong, Mengmeng Xu, Hongxiang Lv, and Fei Wu. 2024. Com- modity Wi-Fi-Based Wireless Sensing Advancements over the Past Five Years. Sensors24, 22 (Nov. 2024), 7195. doi:10.3390/s24227195

    work page doi:10.3390/s24227195 2024

  55. [55]

    Zhao, and Heather Zheng

    Yanzi Zhu, Zhujun Xiao, Yuxin Chen, Zhijing Li, Max Liu, Ben Y. Zhao, and Heather Zheng. 2020. Et Tu Alexa? When Commodity WiFi Devices Turn into Adversarial Motion Sensors. In27th Annual Network and Distributed System Security Symposium (NDSS ’20). Internet Society, San Diego, California, USA. A Features BFI timeseries are inherently high dimensional as ...

    work page 2020