Researchers spin up terrifying hacker drone that can ‘see through walls’ with Wifi

Screenshot: Lucas Ropek/Ali Abedi and Deepak Vasisht

Using a commercial $20 drone, researchers at the University of Waterloo in Ontario have created what is effectively an airborne scanning device that can triangulate the location of all WiFi-connected devices in your home. wow

Researchers Ali Abedi and Deepak Vasisht, who recently presented their findings at the 28th Annual International Conference on Mobile Computing and Networking, call this contraption “Wi-Peep,” which is a deceptively cute name for a project with such horrifying implications. . Wi-Peep is involved in what the researchers call a “location-revealing privacy attack” that can manipulate data from WiFi networks and use it to “see through walls” or, rather, approximate the location of devices through stealth scanning.

How does the attack work?

The researchers say their device exploits security flaws in IEEE 802.11, a long-standing wireless protocol for local access networks that has a history of problems with data interception and eavesdropping. The program deploys what is known as a “time-of-flight” (ToF) technique, which uses a data manipulation trick to measure the physical distance between a signal and an object.

All of this is possible because of a security “hole” in most WiFi networks that researchers have dubbed “polite WiFi.” In essence, all smart devices are ready to automatically respond to “contact attempts” from other devices in their area, even if the network is protected by password protection. To manipulate this vulnerability, Wi-Peep emits a ToF signal that attempts to contact local devices, and subsequently enables the “covert location” of specific WiFi-powered devices within a particular building or area. The nature of the device can be assessed using information extracted from its MAC address, the unique identifier given to devices on a given network. Obviously, this means that things like your Smart TV, Amazon Echo, cell phone, laptop, or any other “smart” device would be visible to the sneaky little spy.

The researchers imagine some pretty creepy scenarios involving the clandestine collection of Wi-Peep data. Abedi and Vasisht worry that a hacker armed with such a device could “infer the location of home occupants, security cameras and even home intrusion sensors.”

G/O Media may receive a commission

Taking it a step further, they imagine an intruder:

A thief could use this information to locate valuable items such as laptops and identify prime opportunities when people are not at home or out of a specific area (eg everyone is in the basement) by tracking their phones smartphones or smart watches.

During his presentation, Abedi also hypothesized that the tool could be used to “track the movements of security guards inside a bank by tracking the location of their phones or smartwatches. Similarly, a thief could identify the location and type of smart devices in a home, including security cameras, laptops and smart TVs, to find a good candidate for a burglary.Also, device operation via drone means it can be used quickly and remotely without much chance of the user being detected.”

Abedi and Vasisht say they hope their research will lead to the development of better protections for WiFi protocols so that future iterations are not as vulnerable to attacks as current ones. “We hope that our work will inform the design of next-generation protocols,” the researchers write.

Leave a Comment

Your email address will not be published. Required fields are marked *