Vulnerability: drone determines locations of smart devices

A research team from the University of Waterloo shows how easily an off-the-shelf drone can become a burglary aid. The “Polite WiFi Loophole” vulnerability discovered in 2020 makes it possible.


As part of the Wi-Peep drone project, a research team from the University of Waterloo is demonstrating how an off-the-shelf drone equipped with an inexpensive Wi-Fi module can become a valuable tool in burglaries and other crimes.


Wi-Peep detects location of smart devices

When the “Wi-Peep” sends out its signal, walls become practically glass. The small drone-based system recognizes within a few seconds where smart devices such as tablets or smartwatches are located in a building – even if they interact in a password-protected network.

This is made possible by a vulnerability in the 802.11 protocol for wireless local area networks, which Professor Ali Abedi’s team discovered back in 2020 and dubbed the “Polite WiFi Loophole”. Smart devices try to network with each other – even if they are not registered in the same network.

This is what Wi-Peep takes advantage of. The drone-based system flies around a building and repeatedly sends contact requests to the devices inside. Depending on the response time, it can determine how far away the respective device was at the moment of the request. The data collected in this way ultimately results in an approximate location of the pinged devices.

“The Wi-Peep devices are like lights in the visible spectrum, and the walls are like glass.” Professor Ali Abedi (University of Waterloo)

Virtual vulnerability facilitates physical crimes

In the wrong hands, technologies like Wi-Peep would undoubtedly be a welcome tool for criminals, allowing them to scout out lucrative targets, bypass security cameras, and even use smartphones and smartwatches to create movement patterns of potential victims. Since the spying is conveniently done by drone, the criminals can even act safely from a distance.

To prevent attacks of this kind from becoming a common tool, the researchers at the University of Waterloo are calling for the security gap to be closed as quickly as possible. They say they hope their work will feed into the development of next-generation protocols.

One workaround Abedi suggests is to introduce an artificial, random variation in the response time of devices when manufacturing Wi-Fi chips. This would make location calculations like Wi-Peep’s very inaccurate.
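The effect of such a random reply delay on a response-time distance estimate, as an added simulation that is not from the researchers or the original article. The 10 µs turnaround, the uniform delay distribution and the 15 m distance are constructed assumptions of this simplified model.

```python
import random
import statistics

C = 299_792_458.0        # speed of light in m/s
TURNAROUND_S = 10e-6     # assumed fixed reply delay of the device (constructed value)

def reply_time(distance_m, jitter_s, rng):
    """Round-trip time measured for one request/response pair."""
    flight = 2.0 * distance_m / C
    # Mitigation under test: the chip waits an extra random time in [0, jitter_s].
    return flight + TURNAROUND_S + rng.uniform(0.0, jitter_s)

def estimate_distance(rtts):
    """Distance from averaged round trips, subtracting only the nominal
    turnaround (assumption: the observer does not know the added delay)."""
    return C * (statistics.fmean(rtts) - TURNAROUND_S) / 2.0

def rms_error(distance_m, jitter_s, samples, trials=200, seed=1):
    """RMS ranging error in metres over many simulated measurement runs."""
    rng = random.Random(seed)
    squared = []
    for _ in range(trials):
        rtts = [reply_time(distance_m, jitter_s, rng) for _ in range(samples)]
        squared.append((estimate_distance(rtts) - distance_m) ** 2)
    return (sum(squared) / trials) ** 0.5

if __name__ == "__main__":
    # 1 ns of unexplained delay shifts the estimate by about 15 cm.
    for jitter_ns in (0, 10, 100, 1000):
        for n in (1, 100):
            err = rms_error(15.0, jitter_ns * 1e-9, n)
            print(f"delay up to {jitter_ns:>4} ns, {n:>3} replies averaged: "
                  f"{err:7.2f} m RMS error")
```

In this model, averaging many replies narrows the spread but leaves an offset of about c·J/4 for a maximum added delay J, because the observer is assumed not to know the delay distribution.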

Source: University of Waterloo