A half-pound drone purchased from Best Buy and $20 worth of hardware set up by a team of researchers at the University of Waterloo has been found to have Superman-like powers.
Dubbed Wi-Peep, the device can “see” through walls, surreptitiously identifying the locations of smartwatches, phones, laptops and the like with speed and accuracy.
And while it sounds like a bit of fun for the superheroes, the worry is that it could fall into the wrong hands: someone packing houses for an electronics jackpot or tracking the movement of carrying security guards. cellphones inside a bank.
“There is a flaw in Wi-Fi devices, and sooner or later people might start using it for obscure purposes,” said Ali Abedi, a professor at the Waterloo School of Computing and lead researcher. of a new study on privacy and Wi-Fi location. “So our goal is to characterize what can go wrong and try to find solutions.”
Abedi first discovered the flaw in 2020 while experimenting with wireless networks. Previously, it was thought that due to Wi-Fi security protocols, only devices on the same network could “talk” to each other, send and receive small packets of data. The assumption was that if a device received a packet from outside a network, something it didn’t expect, it would ignore it. But when Abedi and his team sent random data packets to 5,000 WiFi-enabled devices, to their surprise, all of them, including the password-protected ones, automatically responded with an acknowledgment.
Calling it “polite Wi-Fi” – the devices were “responding to strangers when they weren’t supposed to” – Abedi said he immediately questioned the risk the loophole posed.
Although no private data could be shared, Abedi thought it was possible to infer all sorts of other information. Was there a way, for example, to force a device to send out a wireless signal and hypothetically find a location, he wondered?
“Location information is very important because many of us carry a WiFi-connected device almost all the time, like a cellphone or smartwatch,” he said.
“Finding the location of the device means finding the location of a person.”
The next step in the research was to buy a cheap one-inch-by-one Wi-Fi module from Amazon, program it, and attach it to a hand-sized drone. A modern two-storey house in Waterloo became the laboratory.
As the drone flew outside, the module sent packets and packets of data, penetrating walls and measuring the response times of devices inside, eventually triangulating the measurements and identifying device locations approximately one meter near.
“I didn’t expect locations to be found so accurately because wireless signals are very complex,” Abedi said, explaining how normally the human body, appliances and other household materials can both absorb and reflect signals.
The results revealed that for relatively little money, a light, fast and precise attack system – the researchers dubbed it Wi-Peep – could exploit the “polite Wi-Fi” flaw.
And because we live in an age of such ubiquitous connectivity, Abedi said, “it’s only a matter of time” before a bad actor uses the methodology to find out if someone is home. or understand the surveillance system in a security-sensitive building.
The threat to real-world privacy risks is “why research like this is so important,” said Toronto cybersecurity expert Alex Cowperthwaite.
“It’s about understanding exactly where the security vulnerabilities are so you can build solutions,” said the R&D technical director of Kroll, where the cyber risk team handles more than 3,000 incidents each year. “So it’s important to go ahead and execute the attack, so that you fully understand all the details.”
The patch proposed by the study introduces a bit of randomness into the amount of time a device acknowledges receiving data, which essentially confuses an attacker. However, Abedi said, since the mechanism requires a hardware upgrade, not a software upgrade, the added protection would have to wait for the introduction of the next generation of devices.
JOIN THE CONVERSATION