A really quite amazing piece of evil genius worthy of a Bond villain or Facebook has been established by a university team, with its Windtalker system using a malicious Wi-Fi hotspot to perform a scan of people trying to connect to it -- and can see their fingers moving.
It requires a MIMO antenna in order to pull off, though, thanks to the waveforms created by the multiple antennas the system uses. The data has been published by the Association of Computing Machinery, which describes the system as a "keystroke inference framework" based on tracking screen coverage impressions and watching the finger movements created by the shadows of the hand atop a phone screen.
They think it works too, with the paper explaining: "We implemented Windtalker on several mobile phones and performed a detailed case study to evaluate the practicality of the password inference towards Alipay, the largest mobile payment platform in the world. The evaluation results show that the attacker can recover the key with a high successful rate."
The technical bits of the full paper add: "Since the received signal reflects the constructive and destructive interference of several multi-path signals scattered from the wall and surrounding objects, the movements of the fingers while password input can generate a unique pattern in the time-series of CSI values, which can be used for keystrokes recognition." [Association of Computing Machinery via The Register]