A team of researchers from the University of Waterloo has been able to create a device weighing just 10 grams that, mounted on a drone or in anyone’s pocket, can accurately determine the location of any connected device, even through from the walls and using only WiFi networks. The finding, made public during the 28th Annual International Conference on Computing and Mobile Networks (ACM MobiCom 22), has enormous implications for the security and privacy of individuals and institutions.
Mounted on a drone the device, called Wi-Peepyou can fly close to a building and then use the residents’ WiFi network to quickly identify and locate any WiFi-enabled mobile, tablet, computer, smartwatch or TV inside.
To achieve this, Wi-Peep takes advantage of a loophole in the 802.11 protocol, known as ‘Polite WiFi‘, so that it is able to obtain responses from Wi-Fi devices on a network to which we do not have access. In fact, even if a network is password-protected, smartphones and other connectable gadgets will automatically respond to contact attempts from any device within range. So what Wi-Peep does is send multiple messages to a device while it’s flying, and then measure the response time of each one. The result is that the invention manages to locate the device with a precision of less than one meter.
Ali Abedi, Adjunct Professor of Computer Science at Waterloo, explains the importance of his discovery: “Wi-Peep devices are like lights in the visible spectrum and walls are like glass. Using similar technology, anyone could track the movements of security guards within a bank by following the location of their smart phones or watches. Similarly, a thief could identify the location and type of smart devices in a home, including security cameras, laptops, and smart TVs, to find a good burglary candidate. Also, being able to use the device via drone means it can be used quickly and remotely, with little chance of the user being detected.”
Ali Abedi b Deepak Vasisht, creators of Wi-Peep, write in their article that the device “works without hardware or software modifications to the target devices and without requiring access to the physical space in which they are deployed. Therefore, a pedestrian or a drone carrying a Wi-Peep can estimate the location of every Wi-Fi device in a building.”
The authors of the work also highlight in their article the fact that they did not need to make any large investment to manufacture the device. “Our Wi-Peep design,” they write, “costs just $20 and weighs less than 10g. We implemented it on a lightweight drone and showed that just by flying over a house it can estimate the location of Wi-Fi devices on multiple floors with an accuracy of one meter. Finally, we investigate different mitigation techniques to secure future Wi-Fi devices against these types of attacks.”
“As soon as the vulnerability called Polite WiFi was discovered – says Abedi – we realized that this type of attack was possible.” The authors explain that they built the equipment to prove their theory, and in doing so realized that anyone with the necessary technical knowledge could do the same. “We need to fix the Polite WiFi vulnerability,” says Abedi, “so that our devices won’t respond to strangers. We hope our work will influence the design of next-generation protocols.”
Pending this, the researchers are urging Wi-Fi chip makers to introduce artificial random variation into the device’s response time, which will make calculations like the ones Wi-Peep uses wildly inaccurate.