Drone-powered device exposes WiFi security vulnerabilities.
A team of researchers at the University of Waterloo has created a drone-powered device that can see through walls using WiFi networks.
The device, called Wi-Peep, can fly close to a building and then use residents’ WiFi to quickly identify and locate any WiFi-enabled devices.
Wi-Peep exploits a flaw in what researchers call polite WiFi. Even if the network is password protected, smart devices will automatically respond to contact attempts from any device within range. Wi-Peep sends a series of messages to the device as it flies and then measures the response time of each device, allowing it to locate the device within a meter radius.
Dr. Ali Abedi, an adjunct professor of computer science at Waterloo, explains the significance of this discovery.
“Wi-Peep devices are like lights in the visible spectrum, and walls are like glass,” Abedi said. “Using similar technology, one could track the movements of security guards in a bank by tracking the location of their phones or smartwatches. Likewise, a thief could determine the location and type of smart devices in the home, including a security camera, laptop and smart TV, to find a good candidate for a break-in. Additionally, the device’s drone operation means it can be used quickly and remotely without much chance of the user being detected.
While scientists have previously studied WiFi security vulnerabilities using bulky, expensive devices, Wi-Peep is notable for its affordability and easy portability. Abedi’s team built it using a store-bought drone and $20 of readily available hardware.
“As soon as the decent WiFi flaw was discovered, we realized that this type of attack was possible,” Abedi said.
The team built the Wi-Peep to test their theory and quickly realized that anyone with the right know-how could easily build a similar device.
“At a basic level, we need to fix the decent WiFi loophole so that our devices don’t respond to strangers,” Abedi said. “We hope our work will help develop the next generation of protocols.”
Meanwhile, he urges WiFi chip makers to introduce artificial, randomized variations in device response time that will make calculations like those used by Wi-Peep wildly inaccurate.
Reference: Ali Abedi and Deepak Vasisht, “Non-Cooperative Wi-Fi Localization and Its Implications for Privacy”, 28th Annual International Conference on Mobile Computing and Networking (ACM MobiCom 22), October 2022.