Researchers Build Creepy Drones That Can ‘See’ Other Wi-Fi Devices Through Walls

Researchers Build Creepy Drones That Can ‘See’ Other Wi-Fi Devices Through Walls

A pair of researchers at the University of Waterloo and the University of Illinois have created what they call “Wi-Peep,” a system that uses the data in Wi-Fi networks to locate devices behind closed doors. Wi-Peep itself consists of a low-cost ESP8266 Wi-Fi microchip, an ESP32 Wi-Fi and Bluetooth microcontroller, a microSD module, and a voltage regulator. The researchers attached these to a lightweight drone—an unnecessary but convenient addition that enhances their creepy project’s mobility.

Using what the researchers refer to as a “location-revealing privacy attack,” Wi-Peep exploits security gaps in the local access network protocol known as IEEE 802.11. Because wireless devices are typically made to accept connection requests (known as “contact attempts”) from other devices in close proximity, Wi-Peep can use Time-of-Flight (ToF) signals to ping a device it has no business attempting contact with. Wi-Peep can then use the resulting feedback to approximate the distance between itself and the target device.

Researchers Build Creepy Drones That Can ‘See’ Other Wi-Fi Devices Through Walls

How does Wi-Peep know what type of device it’s “seeing?” A device’s attributes are discoverable through its media access control (MAC) address, which is used to uniquely identify each device on a network. By gaining hold of a target device’s MAC address, Wi-Peep can help confirm whether an item is indeed the smart TV, tablet, smart home assistant, or another device it’s suspected to be.

The researchers, who specialize in computer science and the Internet of Things (IoT), are well aware that Wi-Peep and similar technologies can be wielded with malicious intent. In a presentation at MobiCom 2022, they expressed concern that bad actors could use Wi-Peep to track the locations of security guards in a bank or of unwitting families inside a residence.

But devices like Wi-Peep could have even broader privacy implications. Police officers—some of whom have made it clear they’re not above falsifying warrant information to invade people’s homes—could use the tech to conduct home and vehicle searches without people’s knowledge or consent. Insurance companies could use it to sneakily verify applications and claims, abusive exes could use it to control or spy on their former partners, and burglars could locate valuable electronics before strategizing a break-in.

Wi-Peep is a demonstration of the dire need for improved network protocol protections, as the researchers noted at MobiCom 2022. Whatever follows IEEE 802.11—a protocol known for its data interception loopholes—should be tougher to compromise than its predecessor. That is, unless we want people monitoring our home devices from the outside.

Continue reading

Google CEO Promises to Investigate Exit of Top AI Researcher
Google CEO Promises to Investigate Exit of Top AI Researcher

Google CEO Sundar Pichai has waded into the furor surrounding the termination of AI ethicist Dr. Timnit Gebru, but his memo may not help the situation much.

Security Researcher: ‘solarwinds123’ Password Left Firm Vulnerable in 2019
Security Researcher: ‘solarwinds123’ Password Left Firm Vulnerable in 2019

SolarWinds, the company at the center of the massive hack that hit US government agencies and corporations, doesn't exactly use cutting-edge password techniques.

Researchers Develop Whitest Paint Ever to Combat Climate Change
Researchers Develop Whitest Paint Ever to Combat Climate Change

Aside from being a neat technical feat, the team believes the new white paint could help address climate change by saving loads of power.

Researchers: 2.5 Billion Tyrannosaurus Rexes Walked the Earth
Researchers: 2.5 Billion Tyrannosaurus Rexes Walked the Earth

A new analysis from the University of California Berkeley estimates that there were about 20,000 adult Tyrannosaurs at any given time during the Cretaceous period. Add that up over millions of years, and there could easily have been 2.5 billion of these dinosaurs in total.