OT: Technique to map interior security cameras, Wi-Fi and people by drone

WiFi’s friendliness to other devices might pose a significant threat in the wrong circumstances. University of Waterloo researchers have discovered a security flaw in the networking standard that lets attackers track devices through walls. The technique identifies the location of a device within 3.3ft just by exploiting WiFi devices’ automatic contact responses (even on password-protected networks) and measuring the response times. You can identify all the connected hardware in a room, and even track people’s movements if they have a phone or smartwatch.

The scientists tested the exploit by modifying an off-the-shelf drone to create a flying scanning device, the Wi-Peep. The robotic aircraft sends several messages to each device as it flies around, establishing the positions of devices in each room. A thief using the drone could find vulnerable areas in a home or office by checking for the absence of security cameras and other signs that a room is monitored or occupied. It could also be used to follow a security guard, or even to help rival hotels spy on each other by gauging the number of rooms in use.

There have been attempts to exploit similar WiFi problems before, but the team says these typically require bulky and costly devices that would give away attempts. Wi-Peep only requires a small drone and about $15 US in equipment that includes two WiFi modules and a voltage regulator. An intruder could quickly scan a building without revealing their presence.



OT - This annoys me. Why must people add unwarranted precision when converting units? Why convert units at all?

This was undoubtedly first given as 1 meter. No native user of inches/feet/yards/miles would call anything 3.3 feet. And given the imprecise nature of the original estimate, additional precision is unwarranted. So call it 3 feet. Or better yet, 1 yard. It’s just an estimate or an average of a measurement that is by it’s nature going to vary slightly based on circumstances.

Best, of course, would be to leave it as a meter.



Seems to me this is a solution looking for a problem. The risks of WiFi are known and readily available to anyone. If you really need security, you won’t have any WiFi at all.

Anyone smart enough to use this technique isn’t going to bother with low value targets like a home. And places that are high enough value targets should have enough additional security to make this information not terribly helpful.

But it still does make sense to raise it as a potential risk and encourage chip makers to randomize response times - or even allow devices/users to choose whether to respond at all.