Researchers at the University of Waterloo have developed a drone that can use Wi-Fi networks to see through walls.
The drone, named Wi-Peep, can fly near a building and then use the building owner’s Wi-Fi network to identify and locate all Wi-Fi-enabled devices in a few seconds.
The exploit works even in a protected password network and can see smart devices that are within the range of the drone. Wi-Peep sends several messages to a smart device as it flies and then measures the response time on each, enabling it to identify the device’s location to within a meter.
“The Wi-Peep devices are like lights in the visible spectrum, and the walls are like glass,” said Ali Abedi, a professor of computer science at the University of Waterloo. “Using similar technology, one could track the movements of security guards inside a bank by following the location of their phones or smartwatches. Likewise, a thief could identify the location and type of smart devices in a home, including security cameras, laptops and smart TVs, to find a good candidate for a break-in.”
And because the operation is done via drone, the operator is harder to identify and detect, Abedi said.
Researchers built the device for $20 off-the-shelf and wanted to test the theory and realized that anyone with just a bit of expertise could create a similar device. Additionally, the company wanted to bring attention to the loophole so smart device manufacturers could fix it for next generation protocols.
The university also recommends that Wi-Fi chip makers introduce an artificial, randomized variation in device response time that will make calculations like the ones from Wi-Peep wildly inaccurate.
The complete research can be found in the journal Association for Computing Machinery.