A University of Waterloo research team has attached a device to a drone that can use network vulnerabilities Wifi to see through walls.
Imagine intruders being able to track people by the devices they have on them or find weak spots in their homes. This alarming possibility has been tested by a device called Wi Peepwhich is essentially $20 worth of easy-to-buy hardware, an out-of-the-box quadcopter, and the work of Dr. Ali Abedi and his team at the University of Waterloo.
The way Wi-Peep works is pretty simple: it flies up to a building, then starts exploiting the inhabitant’s Wi-Fi network (via what many call the polite Wi-Fi loophole) and locates all devices connected to it. Wi-Fi in seconds. Therefore, Wi-Peep can identify the location of individual devices up to 1 meter (3.3 feet) away by sending multiple message packets to each device and measuring the response time on each one. Apparently, this method also works with password-protected networks, because devices will continue to ping any Wi-Peep contact attempts.
So it’s not hard to see how this setup (or similar) could be used for nefarious reasons. Dr. Abedi, an assistant professor of computer science at the university, explains that “one could track the movements of security guards inside a bank by following the location of their phones or smart watches. Similarly, a thief could identify the location and type of smart devices in a home, including security cameras, laptops, and smart TVs, to find a good candidate for a break-in. Also, operating the device via drone means it can be used quickly and remotely without much chance of the user being detected.”
Wi-Fi vulnerabilities have been exploited in the past, but what sets Wi-Peep apart from its bulkier and more complex counterparts is its low cost, ease of assembly, and portability. Of course, it requires someone with the right experience to create, but Abedi and his team have proven that it can be done.
Abedi hopes this revelation can create a game changer for the next generation of Wi-Fi protocols. In the meantime, he urges Wi-Fi chipmakers to have random device response times, which may alter what Wi-Peep can currently do.