Researchers at Canada’s University of Waterloo have developed a drone-powered device that can use WiFi networks to see through building walls.
The device – called Wi-Peep – can fly near a building and then use the inhabitants’ WiFi network to identify and locate all WiFi-enabled devices inside in a matter of seconds. According to the researchers, the device engages in location-revealing privacy attacks that use WiFi networks to do this – see through the walls.
The Wi-Peep exploits an existing technological weakness the researchers call polite WiFi. Even if a network is password protected, the smart device will automatically respond to contact attempts from any other device within range.
This is where the Wi-Peep comes into play. Weighing less than 10-gram, the device is mounted on an ordinary consumer drone, which is then flown around the outside of a building. Wi-Peep sends several messages to a device as it flies and then measures the response time on each, enabling it to identify the device’s location within a meter.
“The Wi-Peep devices are like lights in the visible spectrum, and the walls are like glass,” said Dr. Ali Abedi, who led the research. “Using similar technology, one could track the movements of security guards inside a bank by following the location of their phones or smartwatches.”
“Likewise, a thief could identify the location and type of smart devices in a home, including security cameras, laptops, and smart TVs, to find a good candidate for a break-in. In addition, the device’s operation via drone means that it can be used quickly and remotely without much chance of the user being detected.”
In the past, scientists have explored WiFi security vulnerability in the past using bulky, expensive devices. However, created by scientists from just $20 worth of off-the-shelf electronics, the Wi-Peep is notable because of its accessibility and ease of transportation.
The research team built the Wi-Peep to test their theory and quickly realized that anyone with the right expertise could easily create a similar device. “On a fundamental level, we need to fix the Polite WiFi loophole so that our devices do not respond to strangers,” Abedi said. “We hope our work will inform the design of next-generation protocols.”
Researchers also suggested short-term solutions that involve introducing an artificial, randomized variation in device response time, which will make calculations like the ones the Wi-Peep uses wildly inaccurate.
The paper summarizing this research was recently presented at the 28th Annual International Conference on Mobile Computing and Networking.
- Ali Abedi and Deepak Vasisht. Non-cooperative wi-fi localization & its privacy implications. DOI: 10.1145/3495243.3560530