WiFi security flaw allows drone to track devices through walls

Wi-Fi friendliness with other devices can pose a significant threat under the wrong circumstances. Researchers at the University of Waterloo have discovered a security flaw in the networking standard that allows attackers to track devices through walls. The technique identifies a device’s location within 3.3 feet simply by exploiting automatic contact responses from WiFi devices (even on password-protected networks) and measuring response times. You can identify all connected hardware in a room and even track people’s movements if they have a phone or smartwatch.

Scientists tested the feat by modifying a standard drone to create a flying scanning device, the Wi-Peep. The robotic plane sends multiple messages to each device as it flies, establishing the positions of the devices in each room. A thief using the drone could find vulnerable areas in a home or office by checking for security cameras and other signs that a room is being watched or occupied. It could also be used to track a security guard, or even to help rival hotels spy on each other by measuring the number of rooms in use.

There have been attempts to exploit similar WiFi issues before, but the team says these usually require large and expensive devices that would give up attempts. Wi-Peep only requires a small drone and about US$15 in equipment which includes two WiFi modules and a voltage regulator. An intruder could quickly scan a building without revealing their presence.

Research leader Dr Ali Abedi calls for changes to the WiFi standard to stop devices responding to ‘strangers’. This can take years, however, and Abedi suggests that hardware makers fix the problem in the meantime by introducing random response times. The odds of burglars using drones to map your home devices aren’t high at this point (they would still need the know-how), but there are things developers can do to thwart these aerial snooping efforts. .

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you purchase something through one of these links, we may earn an affiliate commission. All prices correct at time of publication.

Source link