Recently, researchers showed off a drone with multiple Wi-Fi SoCs that can precisely pinpoint the location of Wi-Fi devices, even through walls, which poses a lot of security concerns. What exactly have the researchers designed, how can it be used for harmful practices, and how can an attack like this be mitigated?
Researchers Create Drone With Wi-Fi Positioning Capabilities
Recently, researchers from the University of Waterloo in Ontario demonstrated a drone that uses off-the-shelf hardware to map Wi-Fi devices and identify their location relative to the drone. If used in a home environment, the drone can map all Wi-Fi-enabled devices, even those in other rooms, which allowed the researchers to create an accurate map of a network.
The drone, which was named Wi-Peep, was showcased at the 28th Annual International Conference on Mobile Computing and Networking, and the main purpose of the device was to demonstrate current weaknesses in commonly used internet protocols. Additionally, the researchers described how such a device can be used for criminal activities, including tracking and surveillance.
To make the system work, the researchers turned to a weakness that is somewhat difficult to fix without making major changes to existing hardware. Simply put, the vast majority of Wi-Fi devices will respond when an external device tries to establish a connection, whether the credentials provided are wrong or not. The researchers dubbed this mechanism “Wi-Fi Polite” because Wi-Fi devices will always respond politely when they receive a connection attempt.
Since these connection attempts are timestamped, the researchers then use the time of flight to determine the distance between the Wi-Fi device and the drone. The researchers claimed to be able to position the devices accurately to within one meter, which is more than enough to enable further exploits.
Finally, devices that respond to login attempts, even if those attempts don’t contain the correct credentials, will also transmit their MAC addresses. Since MAC addresses are assigned to manufacturers, a great deal of information can be obtained about the responding device.
How could such a device be used for malicious purposes?
If an attacker has the technological capability to launch the attack described by the researchers, then it could be used for many malicious purposes. The first and most obvious use of such an attack is to identify and track users in homes. Since most people have smartphones near them at all times, this is a very effective method of determining the position of people in a home and can therefore provide valuable information to those looking to burglarize.
Tracking and identifying individuals can also be beneficial when trying to identify key personnel, such as security. Using Wi-Fi tracking allows someone to trace the path of security personnel and identify areas that are under-patrolled.
Another potential use of the technology is to allow a burglar to quickly identify where valuables are and the nature of these valuables. Because MAC addresses are tied to manufacturers, it’s relatively easy to tell if a device is a smart TV, smartphone, or computer. Thus, a scan of a property from the outside can show the most valuable areas to strike first and thus reduce the time needed to successfully burglarize a property.
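What a MAC address gives away can be checked on your own equipment. The following is an added example, not code from the researchers or from this article: it inspects each address in a device inventory and reports which ones carry a manufacturer-assigned prefix (OUI) and which are locally administered and therefore carry none. The vendor table, device names and addresses are all constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Constructed OUI-to-vendor table; a real audit would load the IEEE registry.
SAMPLE_OUI_VENDORS = {
    "04A1B2": "ExampleVision TVs (constructed)",
    "08C3D4": "ExampleCam Ltd. (constructed)",
}

# Constructed inventory of devices on a home network.
SAMPLE_INVENTORY = {
    "living-room-tv": "04:A1:B2:10:20:30",
    "phone": "DA:7C:11:22:33:44",    # 0xDA has the locally-administered bit set
    "camera": "08-C3-D4-55-66-77",
    "nas": "0C:99:88:01:02:03",      # vendor-assigned, but not in the sample table
}

class MacInfo(NamedTuple):
    mac: str
    locally_administered: bool
    multicast: bool
    vendor: Optional[str]            # None when the address carries no OUI

def parse_mac(text: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or bare hex; return 6 octets."""
    digits = re.sub(r"[:\-.]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

def inspect_mac(text: str) -> MacInfo:
    raw = parse_mac(text)
    multicast = bool(raw[0] & 0x01)  # I/G bit: group address
    local = bool(raw[0] & 0x02)      # U/L bit: locally administered, no OUI
    vendor = None
    if not local and not multicast:
        vendor = SAMPLE_OUI_VENDORS.get(raw[:3].hex().upper(), "unknown vendor")
    return MacInfo(raw.hex(":"), local, multicast, vendor)

def exposes_vendor(inventory: dict) -> dict:
    """Map device name to vendor for every device whose address carries an OUI."""
    findings = {}
    for name, mac in inventory.items():
        info = inspect_mac(mac)
        if info.vendor is not None:
            findings[name] = info.vendor
    return findings

if __name__ == "__main__":
    for device, vendor in exposes_vendor(SAMPLE_INVENTORY).items():
        print(f"{device}: address reveals manufacturer prefix ({vendor})")
```

A locally administered address hides only the manufacturer prefix; the device still answers, so this check does not address the distance measurement itself.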
How can such attacks be countered?
Luckily, most criminals are big idiots who wouldn’t understand a Wi-Fi traffic sniffer, but that doesn’t mean all criminals are. In fact, some criminals can be exceptionally smart, especially hackers, and it’s often those smarts that make them successful. However, the technology demonstrated by the researchers is unlikely to be exploited in the near future due to the complexity involved, but it is possible that future criminals will turn to such exploits.
As such attacks become more likely, what can people do to protect themselves? What options are there when it comes to Wi-Fi enabled devices?
Although not exactly an ideal solution, it is possible for devices with Internet capabilities to use a wired local network connection instead. By using the wired network, an attacker cannot use the vulnerabilities found in Wi-Fi, and while this is not possible for some devices (such as phones and laptops), it can certainly protect some devices, such as security cameras.
Another potential solution to Wi-Fi attacks is to switch to Li-Fi, which requires line of sight. Devices inside a room could all communicate with an access point, but those on the other side of a wall couldn’t detect anything. However, this requires changing a network’s infrastructure, which is expensive, and not all devices support Li-Fi (in fact, almost none do).
Other than using LAN cables, there is very little to do. If those responsible for developing Wi-Fi standards could prevent devices from responding to every connection request, then this attack would be rendered impossible. However, even if current Wi-Fi standards are changed, several million devices could not receive updates for this (especially if they implement key Wi-Fi protocols at the hardware level) and would therefore remain vulnerable.
Overall, the attack highlighted by the researchers could pose a major threat in the future when the price of electronics drops even lower and the expertise needed to develop such a device becomes commonplace.