Cybersecurity researchers at the University of Waterloo in Ontario have designed a drone-powered tool that employs WiFi networks to infiltrate barriers.
Called Wi-Peep, the device was created by researchers Ali Abedi and Deepak Vasisht utilizing a drone purchased at a store with $20 worth of cheap components.
According to the study presented at the 28th Annual International Conference on Mobile Computing and Networking, Wi-Peep launches a “location-revealing privacy attack” to exploit the data in WiFi networks and employs it to “see through walls,” or, rather, approximate the location of devices via sneaky scanning.
Modus operandi
With an abundance of Wi-Fi connections, any small vulnerability can damage user privacy. The Wi-Peep device exploits loopholes in the IEEE 802.11 - a longstanding wireless protocol for local access networks - to draw out responses from devices in a wireless network.
First, the Wi-Peep spoofed a beacon frame, causing all devices to immediately send a response that the Wi-Peep detected and used to determine all devices’ MAC addresses. After identifying the MAC addresses, the Wi-Fi deploys an unencrypted data packet to the victim’s device. Without proper encryption, this packet could not control the device; however, thanks to “Polite Wi-Fi,” the device deploys a confirmation, regardless of the contents of the packet.
This confirmation effectively closes the loop between Wi-Peep and the target device, allowing Wi-Peep to spot the device’s location employing a time-of-flight (ToF) measurement combined with the localization model. The measurements precisely determine the device's position with around a meter of accuracy, making it a disturbingly effective localization technique.
Abedi and Vasisht worry that a hacker armed with this device could potentially “infer the location of home occupants, security cameras, and home intrusion sensors.”
During their presentation, researchers stated the device can be employed to “track the movements of security guards inside a bank by following the location of their phones or smartwatches. Likewise, a thief could identify the location and type of smart devices in a home, including security cameras, laptops, and smart TVs, to find a good candidate for a break-in. In addition, the device’s operation via drone means that it can be used quickly and remotely without much chance of the user being detected.”
