Drone-powered device uses Wi-Fi to see through walls

The device, nicknamed Wi-Peep, can fly near a building and then use the inhabitants’ Wi-Fi network to identify and locate all Wi-Fi-enabled devices inside in a matter of seconds.

The Wi-Peep exploits a loophole the researchers call polite Wi-Fi. Even if a network is password-protected, smart devices will automatically respond to contact attempts from any device within range.

The Wi-Peep sends several messages to a device as it flies and then measures the response time on each, enabling it to identify the device’s location to within a metre.

“The Wi-Peep devices are like lights in the visible spectrum, and the walls are like glass,” said Dr Ali Abedi, who studies computer science at UW.

“Using similar technology, one could track the movements of security guards inside a bank by following the location of their phones or smartwatches. Likewise, a thief could identify the location and type of smart devices in a home, including security cameras, laptops, and smart TVs, to find a good candidate for a break-in.

“In addition, the device’s operation via drone means that it can be used quickly and remotely without much chance of the user being detected.”

While scientists have explored Wi-Fi security vulnerability in the past using bulky, expensive devices, the Wi-Peep is notable because of its accessibility and ease of transportation. The researchers built it using a store-bought drone and Can$20 of easily purchased hardware.

“As soon as the Polite Wi-Fi loophole was discovered, we realised this kind of attack was possible,” Abedi said.

The team built the Wi-Peep to test their theory and quickly realised that anyone with the right expertise could easily create a similar device.

“On a fundamental level, we need to fix the Polite WiFi loophole so that our devices do not respond to strangers,” Abedi said. “We hope our work will inform the design of next-generation protocols.”

In the meantime, he urges WiFi chip manufacturers to introduce an artificial, randomised variation in device response time, which will make calculations like the ones the Wi-Peep uses wildly inaccurate.

It has previously been demonstrated that drones can steal information from “air-gapped” computers by reading data from the pulsating light of their hard drive.