Researchers at the University of Waterloo in Ontario have built a flying scanning device capable of triangulating the location of any device connected to a local WiFi network.
This discovery, called Wi-Peep by its authors Ali Abedi and Deepak Vasisht, was presented during the 28th edition of MOBICOM, the annual international conference on mobile computing and networks.
What does this technology allow?
Wi-Peep comes into play in what its inventors call a location-revealing privacy attack. In such an attack, the system manipulates data in WiFi networks and uses it to “see through walls” or, even better, to roughly determine the location of devices through diverted scans.
Researchers say their device exploits security flaws in IEEE 802.11, a wireless protocol long used in local access networks that has a history of issues with eavesdropping and data logging. Most WiFi networks are configured by default to automatically respond to contact attempts from devices within range, even if the network is password protected.
How does Wi-Peep work on a drone?
Wi-Peep first emits a signal with which it tries to connect to individual devices in the local network, then, thanks to a ToF (time-of-flight) measurement system, it seeks to locate their position in a specific area, such as a building.
That’s not all: thanks to the MAC address (the unique identifier assigned to each device connected to a network), the system can also determine the type of device it has located. This is another very useful piece of information for understanding if and how a particular device is moved, as movement indicates an action on the part of the owner. Indeed, during his presentation, Abedi speculated that the tool could be used, for example, to track the movements of security guards inside a bank by tracking the location of their smartphones or smartwatches.
The drone is the innovative, hardware-modified way to carry out the attack: it offers attackers the ability to carry out their hacking attempt with less risk of being discovered, because the device can be physically brought close to the local network being targeted while the attacker operates quickly and with greater security from a distance.
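The time-of-flight step described above can be illustrated with a simplified 2-D model, added here as an example and not taken from the researchers' code. It converts round-trip times into distances, combines several measurement points by least squares, and shows how nanosecond-scale variation in a device's reply delay turns into metres of position error. The reply delay, coordinates and function names are all constructed assumptions.

```python
import math
import random

C = 299_792_458.0    # speed of light, m/s
TURNAROUND = 10e-6   # assumed fixed delay before the device replies (constructed value)

def rtt_to_range(rtt_s, turnaround_s=TURNAROUND):
    """Distance implied by a round-trip time once the reply delay is removed."""
    return C * (rtt_s - turnaround_s) / 2.0

def locate(points, ranges):
    """2-D least-squares multilateration, linearised against the first point."""
    (x0, y0), r0 = points[0], ranges[0]
    a11 = a12 = a22 = b1 = b2 = 0.0
    for (x, y), r in zip(points[1:], ranges[1:]):
        ax, ay = 2 * (x - x0), 2 * (y - y0)
        rhs = r0**2 - r**2 + x**2 - x0**2 + y**2 - y0**2
        a11 += ax * ax; a12 += ax * ay; a22 += ay * ay
        b1 += ax * rhs; b2 += ay * rhs
    det = a11 * a22 - a12 * a12
    if abs(det) < 1e-9:
        raise ValueError("measurement points are collinear; position is ambiguous")
    return ((a22 * b1 - a12 * b2) / det, (a11 * b2 - a12 * b1) / det)

def mean_error(jitter_s, trials=200, seed=1):
    """Mean position error (m) when the reply delay varies by +/- jitter_s."""
    rng = random.Random(seed)
    points = [(0, 0), (30, 0), (30, 20), (0, 20), (15, -5)]  # constructed, metres
    target = (12.0, 7.0)                                      # constructed
    total = 0.0
    for _ in range(trials):
        ranges = []
        for p in points:
            rtt = 2 * math.dist(p, target) / C + TURNAROUND + rng.uniform(-jitter_s, jitter_s)
            ranges.append(rtt_to_range(rtt))
        total += math.dist(locate(points, ranges), target)
    return total / trials

if __name__ == "__main__":
    for ns in (0, 1, 5, 20):
        print(f"reply-delay variation +/-{ns:>2} ns -> mean error {mean_error(ns * 1e-9):.2f} m")
```

Each nanosecond of timing uncertainty corresponds to about 15 cm of range, which is why the accuracy of the position estimate depends so heavily on how predictable the device's reply timing is.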