Nov 7– A new type of device, developed by researchers from the University of Waterloo, can ‘see through walls’, or more precisely, detect the location of connected and smart devices from significant distances. The implications are unparalleled…
Location-revealing privacy attacks
The device, nicknamed “Wi-Peep”, is really a creepy, repurposed drone. When flying near a building, the drone can engage in what researchers term a “location-revealing privacy attack,” essentially determining the precise locations of user-connected devices (and users) within opaque buildings.
At least one media outlet called the implications “horrifying,” as Wi-Peep can clandestinely collect data, can potentially infer the location of home occupants or building security guards, and may be able to detect building intrusion sensors, among other things.
Theoretically, a criminal could use this information to locate valuable items like laptops and identify ideal opportunities to engage in theft – either when building occupants are away, or when all office workers or home occupants are gathered in a single area, away from the valuable devices, as revealed by smart phone or smart watch tracking data.
How does it work?
According to the researchers, the “Wi-Peep” device exploits security deficiencies in IEEE 802.11. This is a longstanding wireless protocol for local access networks, which has seen a litany of problems related to data interception and eavesdropping. The program uses what is known as a “time-of-flight” technique, which leverages a data manipulation trick to assess the physical distance between a signal and an object. All of this is possible on account of a security “loophole” that exists in the vast majority of WiFi networks.
The “Wi-Peep” device can be used quickly and remotely and is unlikely to be detected. Researchers state that this discovery will ideally inform the design of next-generation WiFi protocols.
In the interim, the researchers recommend that WiFi chip manufacturers introduce an artificial, randomized variation in device response time, which will render the calculations used by devices like “Wi-Peep” wildly inaccurate.