In a society so dependent on technology, electronics and telecommunications, security has become a key element to protect our daily lives. In addition to the efficiency, speed, and usability of the hundreds of electronic devices, computing devices, and telecommunications networks we all use, knowing and revealing their potential weaknesses has also become an essential task. Every year the International Conference on Mobile, Computing and Networking where, in addition to presenting the latest developments and groundbreaking developments, exposing errors and gaps in this area also takes up an important part of the presentations. And during the latest edition of this MobiCom 2022, a disturbing loophole in the security of uncooperative Wi-Fi devices was revealed.
Those responsible for this presentation are two researchers from the Canadian University of Waterloo who: developed a device, powered by a drone, which can “use a home or building’s Wi-Fi networks to see through walls”. The development and its implications for privacy and security are collected in a published article a few weeks ago in the minutes of the conference itself.
They’ve renamed it “Wi-Peep”, a play on words that would mean something like “covert observer over WiFi”, a sort of voyeur who takes advantage of the gaps in a specific protocol (802.11) of WiFi devices to obtain information about a network that you do not have access to. “Even if a network is password protected, Wi-Fi devices will automatically respond to contact attempts from any other device within range,” the authors at TechXplore explain. “Wi-peep sends multiple messages to a device while it’s flying the drone, then measures the response time on each device so it can pinpoint the device’s location to within one meter.”
The operation is so simple that it is disconcerting not to have noticed this error until now. The drone sends out signals and measures the response it gets… anyone or, in this case, a drone (which has better access to the outside of a house) can estimate the location of any Wi-Fi in a building.
At first glance, we might think it’s not too worrisome to know the location of certain devices and networks, until the authors themselves explain some applications and data that a potential criminal could have access to. “Using comparable technology, anyone could follow the movements of guards in a bank tracking the location of their phones or their smart watches. A thief can too identify the location and even type of smart devices in a home, including the alarm and any security cameras, laptops or smart TVs so you know where the juiciest loot for a heist is. Controlling the device from a drone also allows it to be used quickly and remotely, meaning the thief can plan his robbery without even being near that house.”
This same team of researchers has already done several studies on the vulnerability of Wi-Fi security, but they had to use bulky and expensive devices. However, the new development is for its accessibility and ease of transport and can be installed on even the most basic of drones. The researchers even performed the demonstration using a drone that they bought for about $20 from a non-specialist store.
Once we discovered this loophole in Wi-Fi networks, we realized that this type of privacy attack was possible and to prove it, we built and tested the device with a simple drone. At a fundamental level, we need to resolve this loophole in Wi-Fi protocols so that our devices don’t respond to strangers, and we hope our work will contribute to the design of more secure, next-generation protocols.”
More interesting technology articles and news on Yahoo:
Scientific references and more information:
Abedi, Ali and Deepak Vasisht. «Non-cooperative Wi-Fi localization and its privacy implications». Proceedings of the 28th Annual International Conference on Mobile Computing And Networking, Association for Computing Machinery, 2022, DOI: 10.1145/3495243.3560530.
University of WaterlooResearchers discover security gaps that allow attackers to use Wi-Fi to see through wallsTechXplore