A drone using a widespread security flaw to detect Wi-Fi networks from within buildings has been developed by the University of Waterloo (UOW) in Canada, raising fears that similar devices are being used to carry out criminal activities.
In a press release, the university states reported (opens in new tab) on developments first published in a paper (opens in new tab) by dr. Ali Abedi, adjunct professor of computer science at UOW, and Deepak Vasisht, assistant professor of computer science at the University of Illinois Urbana-Champaign, entitled “Uncooperative Wi-Fi Localization and Its Privacy Implications.”
The device, known as the Wi-Peep, is a custom consumer drone that sends messages to connected devices as it flies, and can track their location “within a meter” by exploiting a known vulnerability known as “polite Wi-Fi”. . Aside from the cost of a drone, the device reportedly costs $20 in parts, making it easy for criminals like thieves to assemble.
The implications of polite Wi-Fi
Polite Wi-Fi means smart devices respond to connection requests even if they are password secured and the connection is rejected. The Wi-Peep can track devices so accurately by continuously sending contact messages to all devices in range.
In a statement, Abedi contextualized the threat posed by similar devices to security in the home and beyond.
“With similar technology, one could track the movements of guards in a bank by tracking the location of their phones or smartwatches,” he said.
“Likewise, a thief can identify the location and type of smart devices in a home, including security cameras, laptops, and smart TVs, to find a good candidate for a break-in.”
“In addition, drone control means that the device can be used quickly and remotely with little chance of the user being detected.”
The Wi-Peep was assembled to test the theory that these types of attacks would be possible after the identification of the Polite Wi-Fi loophole. In his statement, Abedi called for a comprehensive solution, “so that our devices don’t respond to strangers.”
He also suggested that until then, Wi-Fi chip manufacturers could introduce randomized response times to reduce the accuracy of device location reporting by devices like the Wi-Peep.
Before a solution is released, businesses and homeowners should be concerned about the proliferation of Internet of Things (IoT) devices and the growing accepted wisdom that all devices, from cars to refrigerators to barbecues, benefit from internet connectivity.