Skip to main content

This Wi-Fi security flaw could let drones track devices through walls

A research team from the University of Waterloo has attached a device to a drone that can use vulnerabilities in Wi-Fi networks to see through walls.

Imagine intruders being able to track people by the devices they have on them or find weak spots in their homes. This alarming possibility has been proven by a device called Wi-Peep, which is essentially $20 of easily-purchasable hardware, an off-the-shelf quadcopter, and the work of Dr. Ali Abedi and his team at the University of Waterloo.

Professor Ali Abedi flying Wi-Peep standing against brick wall.

The way Wi-Peep works is quite simple — it flies right up to a building, then starts exploiting the inhabitant’s Wi-Fi network (through what many call the Polite Wi-Fi loophole), and locates all Wi-Fi-connected devices inside in seconds. Wi-Peep is thus able to identify the location of individual devices down to 1 meter (3.3 feet) by sending several message packets to each device and measuring the response time on each. Apparently, this method also works with password-protected networks, because devices will still ping a response to any contact attempts by Wi-Peep.

It is therefore not hard to conceive how this (or similar) setup could be used for nefarious reasons. Dr. Abedi, who’s an adjunct professor of computer science at the university explains that “one could track the movements of security guards inside a bank by following the location of their phones or smartwatches. Likewise, a thief could identify the location and type of smart devices in a home, including security cameras, laptops, and smart TVs, to find a good candidate for a break-in. In addition, the device’s operation via drone means that it can be used quickly and remotely without much chance of the user being detected.”

Wi-Fi vulnerabilities have been exploited in the past, but what sets Wi-Peep apart from bulkier, more complex counterparts is its low cost, ease of assembly, and portability. Of course, it requires someone with the right expertise to create, but Abedi and his team have shown that it can be done.

Abedi is hoping that this revelation can create change for the next generation of Wi-Fi protocols. Meanwhile, he urges Wi-Fi chip manufacturers to have randomized device response times, which can throw off what Wi-Peep is currently able to do.

Editors' Recommendations