WiFi security flaw lets a drone track devices through walls

0

WiFi’s friendliness to other devices might pose a significant threat in the wrong circumstances. University of Waterloo researchers have discovered a security flaw in the networking standard that lets attackers track devices through walls. The technique identifies the location of a device within 3.3ft just by exploiting WiFi devices’ automatic contact responses (even on password-protected networks) and measuring the response times. You can identify all the connected hardware in a room, and even track people’s movements if they have a phone or smartwatch.

The scientists tested the exploit by modifying an off-the-shelf drone to create a flying scanning device, the Wi-Peep. The robotic aircraft sends several messages to each device as it flies around, establishing the positions of devices in each room. A thief using the drone could find vulnerable areas in a home or office by checking for the absence of security cameras and other signs that a room is monitored or occupied. It could also be used to follow a security guard, or even to help rival hotels spy on each other by gauging the number of rooms in use.

There have been attempts to exploit similar WiFi problems before, but the team says these typically require bulky and costly devices that would give away attempts. Wi-Peep only requires a small drone and about $15 US in equipment that includes two WiFi modules and a voltage regulator. An intruder could quickly scan a building without revealing their presence.

Research lead Dr. Ali Abedi is calling for changes to the WiFi standard to prevent devices from responding to “strangers.” That may take years, however, and Abedi suggests that hardware makers address the issue in the meantime by introducing randomized response times. The chances of burglars using drones to map your home devices aren’t high at this stage (they’d still need the know-how), but there are things developers can do to thwart these aerial spying efforts.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.

FOLLOW us ON GOOGLE NEWS

 

Read original article here

Denial of responsibility! TechCodex is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Leave a comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More