Carefully! A new drone could reveal your secrets thanks to a Wi-Fi vulnerability | Media Pyro

Your home Wi-Fi connection can reveal your secrets.

Researchers have developed a new drone that exploits security flaws to detect Wi-Fi networks inside buildings. The device can fly near a building and then use the occupants’ Wi-Fi network to identify and locate all Wi-Fi-enabled devices inside within seconds. Experts say this is an example of the privacy risks inherent in many Wi-Fi devices.

“Wi-Fi and closely related short-range technologies such as Bluetooth are radio technologies, meaning they have signals that can be identified, located, recorded, tracked, or jammed,” Mike Parkin, a cybersecurity engineer at the company Vulcan Cyber. , told Lifewire in an email interview. “There is an inevitable trade-off between mobility and security with such mobile technologies. While better encryption makes it harder for attackers to know what’s being said, the nature of Wi-Fi means they’ll know who’s talking and where they are. ”

Droning On

The drone, invented at the University of Waterloo in Canada, uses a loophole that researchers call “Polite Wi-Fi.” Even if the network is password protected, smart devices will automatically respond to attempts to communicate with any device within range. During flight, the drone sends several messages to the device and then measures the response time for each, allowing it to determine the location of the device with an accuracy of one meter.

“Using this kind of technology, it would be possible to track the movements of security guards inside a bank by tracking the location of their phones or smartwatches,” Ali Abedi, a professor of computer science at Waterloo and the inventor of the drone, said in the new release. “Similarly, a thief can determine the location and type of smart devices in the home, including security cameras, laptops and smart TVs, to find a good candidate to break into.”

The team behind the drone said anyone with the right experience could easily build a similar device. “At a fundamental level, we need to fix the Polite Wi-Fi loophole so that our devices don’t respond to strangers,” Abedi said. “We hope our work will help develop the next generation of protocols.”

Meanwhile, he urges Wi-Fi chip makers to introduce an artificial, random variation in the device’s response time that would make calculations like those used by a drone wildly inaccurate.

Staying safe

Matthew T. Carr, head of research and technology at cybersecurity company Atumcell, told Lifewire via email that Wi-Fi is inherently vulnerable to eavesdropping, even on fully upgraded and patched systems. He said Wi-Fi depends on the devices using the network to be “honest” about their identity. “Criminals can gain unauthorized access by masquerading as legitimate,” he added.

If possible, avoid using public Wi-Fi, Carr said. Instead, use your phone as a cellular hotspot. “Your phone will act as a modem and router, which means no one can eavesdrop,” he added. “Cellular data services are much more secure and much faster than they were years ago.”

You can also turn off Wi-Fi on your phone to prevent it from accidentally connecting to an unsecured network. Most people know that connecting to a public Wi-Fi network can be dangerous, but many may not realize that their devices can automatically connect to a Wi-Fi network if they don’t adjust their settings, says Emma McGowan, a privacy expert at Avast Internet Cyber ​​Security. , said in an email interview with Lifewire.

“Setting up a VPN, or virtual private network, is one of the fastest and easiest ways to stay secure and completely private when connecting to different Wi-Fi networks,” McGowan added. “VPNs encrypt the data that passes between your computer and your ISP, which can help prevent potential hackers from viewing your online activity.”

If you must use public Wi-Fi, make sure your own device is fully updated and patched, Carr said. “Don’t wait to apply patches to your operating system and applications, because when unpatched phones are combined with their own Wi-Fi vulnerabilities, your data can easily be compromised.”

But Mark Lambert, vice president of software solutions at cybersecurity company ArmorCode, said in an email that software solutions won’t always help.

“Any device with cellular, Bluetooth or Wi-Fi can be compromised,” he said. “You should always turn these features off when not in use, disable ‘discovery features’ and never connect to a source you are unfamiliar with.”