Wi-Fi flaw lets drone track your smart devices through walls: How it works
Wi-Fi flaw lets drone track your smart devices through walls: How it works
Wi-Fi is one of the most commonly used wireless standards that is used for connecting devices such as personal computers, tablets, smartphones, printers, smart TVs, smart home devices such as lights and speakers and smart home appliances such as washing machines, refrigerators and air conditioners with the internet in a small space. All of these […] The post Wi-Fi flaw lets drone track your smart devices through walls: How it works appeared first on BGR India.
Wi-Fi is one of the most commonly used wireless standards that is used for connecting devices such as personal computers, tablets, smartphones, printers, smart TVs, smart home devices such as lights and speakers and smart home appliances such as washing machines, refrigerators and air conditioners with the internet in a small space. All of these smart devices create a web of connectivity within the area where a particular Wi-Fi network is available. Now, security researchers have discovered a vulnerability in this technology, that is, Wi-Fi, that can be used for tracking people inside an enclosed space. What’s concerning is that malicious attackers can easily develop a device that uses this vulnerability to track people connected to any Wi-Fi network, however secured that might be, even through walls. A team of researchers at the University of Waterloo in Canada have developed a drone-powered device that can ‘use Wi-Fi networks to see through walls’. The device called ‘Wi-Peep’ can fly near a building and then use the Wi-Fi network in the buildings to identify and locate all Wi-Fi-enabled devices inside in a matter of seconds. While scientists have explored Wi-Fi security vulnerability in the past using bulky and expensive devices, Wi-Peep is notable because of its accessibility and ease of transportation. The researchers built Wi-Peep using a store-bought drone and $20 of easily purchased hardware. What’s concerned is that even if a network is password protected, smart devices will automatically respond to contact attempts from any device within range. “The Wi-Peep sends several messages to a device as it flies and then measures the response time on each, enabling it to identify the device’s location to within a metre,” the researchers wrote in a post explaining the way this device works. In theory, this technique can also be used for tracking people inside a building via their Wi-Fi enabled devices, such as smartphones, tablets, laptops and smartwatches. In the heart of this dangerously clever technique lies a Wi-Fi vulnerability called ‘Polite Wi-Fi’, which makes this hack possible. What is ‘Polite Wi-Fi’ vulnerability? Wi-Fi networks, even the ones that use security protocols such as WPA2 in a bid to prevent unauthorised devices from joining, follow a simple rule set to deal with errors in retransmissions in the physical and MAC layers. When a device sends a data packet, the receiving device sends an acknowledgement back to the transmitter. This acknowledgment helps the transmitter to know that the correct receiver has got the data packet that it sent. “We have found that if an attacker sends a fake and unencrypted 802.11 packet to the client device (labeled as victim), the client device sends back an acknowledgment,” Dr Ali Abedi, who is a professor of computer science at the University of Waterloo and the lead researcher responsible for developing Wi-Peep, said in a separate blog post explaining the vulnerability. “We call this behavior Polite Wi-Fi because Wi-Fi devices respond to any stranger with an acknowledgement,” he added. What information can ‘Polite Wi-Fi bug reveal? In the same blog post, Dr Abedi revealed that a hacker with malicious intent can monitor WiFi signals and “infer some information about the environment such as localization, gesture recognition, breathing rate estimation, and keystroke inference”. He also said that this vulnerability can “potentially reveal privacy-sensitive information”. What now? As of now, there is no fix available for this vulnerability as a fix would require fundamental changes in the Wi-Fi standard, which could take years. In the meantime, he had urged Wi-Fi chip manufacturers to introduce an artificial, randomised variation in device response time, which will make calculations like the ones the Wi-Peep uses wildly inaccurate. The post Wi-Fi flaw lets drone track your smart devices through walls: How it works appeared first on BGR India.