Researchers Build Creepy Drones That Can ‘See’ Other Wi-Fi Devices Through Walls
A pair of researchers at the University of Waterloo and the University of Illinois have created what they call “Wi-Peep,” a system that uses the data in Wi-Fi networks to locate devices behind closed doors. Wi-Peep itself consists of a low-cost ESP8266 Wi-Fi microchip, an ESP32 Wi-Fi and Bluetooth microcontroller, a microSD module, and a voltage regulator. The researchers attached these to a lightweight drone—an unnecessary but convenient addition that enhances their creepy project’s mobility.
Using what the researchers refer to as a “location-revealing privacy attack,” Wi-Peep exploits security gaps in the local access network protocol known as IEEE 802.11. Because wireless devices are typically made to accept connection requests (known as “contact attempts”) from other devices in close proximity, Wi-Peep can use Time-of-Flight (ToF) signals to ping a device it has no business attempting contact with. Wi-Peep can then use the resulting feedback to approximate the distance between itself and the target device.
How does Wi-Peep know what type of device it’s “seeing?” A device’s attributes are discoverable through its media access control (MAC) address, which is used to uniquely identify each device on a network. By gaining hold of a target device’s MAC address, Wi-Peep can help confirm whether an item is indeed the smart TV, tablet, smart home assistant, or another device it’s suspected to be.
The researchers, who specialize in computer science and the Internet of Things (IoT), are well aware that Wi-Peep and similar technologies can be wielded with malicious intent. In a presentation at MobiCom 2022, they expressed concern that bad actors could use Wi-Peep to track the locations of security guards in a bank or of unwitting families inside a residence.
But devices like Wi-Peep could have even broader privacy implications. Police officers—some of whom have made it clear they’re not above falsifying warrant information to invade people’s homes—could use the tech to conduct home and vehicle searches without people’s knowledge or consent. Insurance companies could use it to sneakily verify applications and claims, abusive exes could use it to control or spy on their former partners, and burglars could locate valuable electronics before strategizing a break-in.
Wi-Peep is a demonstration of the dire need for improved network protocol protections, as the researchers noted at MobiCom 2022. Whatever follows IEEE 802.11—a protocol known for its data interception loopholes—should be tougher to compromise than its predecessor. That is, unless we want people monitoring our home devices from the outside.