Skip to main content

This Wi-Fi security flaw could let drones track devices through walls

A research team from the University of Waterloo has attached a device to a drone that can use vulnerabilities in Wi-Fi networks to see through walls.

Imagine intruders being able to track people by the devices they have on them or find weak spots in their homes. This alarming possibility has been proven by a device called Wi-Peep, which is essentially $20 of easily-purchasable hardware, an off-the-shelf quadcopter, and the work of Dr. Ali Abedi and his team at the University of Waterloo.

Professor Ali Abedi flying Wi-Peep standing against brick wall.

The way Wi-Peep works is quite simple — it flies right up to a building, then starts exploiting the inhabitant’s Wi-Fi network (through what many call the Polite Wi-Fi loophole), and locates all Wi-Fi-connected devices inside in seconds. Wi-Peep is thus able to identify the location of individual devices down to 1 meter (3.3 feet) by sending several message packets to each device and measuring the response time on each. Apparently, this method also works with password-protected networks, because devices will still ping a response to any contact attempts by Wi-Peep.

It is therefore not hard to conceive how this (or similar) setup could be used for nefarious reasons. Dr. Abedi, who’s an adjunct professor of computer science at the university explains that “one could track the movements of security guards inside a bank by following the location of their phones or smartwatches. Likewise, a thief could identify the location and type of smart devices in a home, including security cameras, laptops, and smart TVs, to find a good candidate for a break-in. In addition, the device’s operation via drone means that it can be used quickly and remotely without much chance of the user being detected.”

Wi-Fi vulnerabilities have been exploited in the past, but what sets Wi-Peep apart from bulkier, more complex counterparts is its low cost, ease of assembly, and portability. Of course, it requires someone with the right expertise to create, but Abedi and his team have shown that it can be done.

Abedi is hoping that this revelation can create change for the next generation of Wi-Fi protocols. Meanwhile, he urges Wi-Fi chip manufacturers to have randomized device response times, which can throw off what Wi-Peep is currently able to do.

Editors' Recommendations

Aaron Leong
Computing Writer
Aaron enjoys all manner of tech - from mobile (phones/smartwear), audio (headphones/earbuds), computing (gaming/Chromebooks)…
Despite serious security flaws, D-Link will (again) not patch some routers
modem vs router plugging in

For the second time in roughly a year, D-Link has failed to act on warnings from security researchers involving the company's routers. The latest incident arose after Silesian University of Technology researcher Błazej Adamczyk contacted D-Link last May about three vulnerabilities affecting eight router models. Following the warning, D-Link patched two of the affected routers, but did not initially reveal how it would proceed for the remaining six models. After further prompting from Adamczyk, D-Link revealed that the remaining six routers would not get a security patch because they were considered end-of-life models, leaving affected owners out in the cold.

"The D-Link models affected are the DWR-116, DWR-140L, DWR-512, DWR-640L, DWR-712, DWR-912, DWR-921, and DWR-111, six of which date from 2013, with the DIR-640L first appearing in 2012 and the DWR-111 in 2014," Naked Security reported. Though these are not current models in D-Link's portfolio, many of the listed models are still likely to be in use.

Read more
Wi-Fi vulnerability could allow attackers to steal your data on unencrypted sites
the fbi wants you to reboot your router insecure getty

Computer scientists at the University of California, Riverside, have discovered a security flaw that affects all Wi-Fi routers. Hackers could exploit the weakness in the transmission control protocol (TCP) and perform a web cache poisoning attack to steal passwords, login information, and other private data. Unfortunately, a fix isn't possible, as the vulnerability stems from a 20-year-old design based on TCP and Wi-Fi. To prevent hackers from using the exploit, researchers recommend that manufacturers build routers that operate on different frequencies for transmitting and receiving data.

Fortunately, this attack technique won't work with encrypted sites that use HTTPS and HSTS. Users on Ethernet connections are similarly not affected. Given that the attack won't work on encrypted sites, most users who browse the internet on a modern browser shouldn't be affected. Many browsers, including Google's Chrome, already warn users if they visit an unencrypted site.

Read more
After 14 years, a new generation of Wi-Fi security is coming. Here’s what to know
Linksys WRT3200 ACM router review

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.

Wi-Fi Protected Access (WPA) is something that internet users the world over have enjoyed the protection of for nearly two decades in one guise or another, but because it's so unobtrusive, you might never have noticed it.

Read more