A security flaw lets you “see” through walls using Wi-Fi

A Wi-Fi network, a small drone, and $20 worth of hardware: that’s all an attacker needs to know what’s going on on the other side of a wall.

In work spotted by Interesting Engineering, a research team based at the University of Waterloo, Canada, recently revealed a security flaw that could allow a malicious person to track the movements of certain objects, and by extension of the people who wear them, through a wall.

The device, called Wi-Peep, is a small printed circuit board with a Wi-Fi interface and a few other common sensors. The researchers explained that all the necessary equipment costs under $20. An almost absurd price given its capabilities: it really can “see through walls” using a Wi-Fi network.

When a device contacts such a network, it can only connect if it is authenticated, in short if the user has the password. Even when it is not, though, the network does not stay completely silent. It sends back a few snippets of data, mainly to indicate that authentication failed.

Exploiting innocent responses from a network

It is this behavior, called “Wi-Fi courtesy”, that the Canadian researchers were able to exploit. They mounted their Wi-Peep on a small standard drone. Flying in front of a building, it bombards all network access points with requests. And since it obviously doesn’t have the password, it gets a lot of negative responses.

It then measures the response time associated with each signal, collected from different locations, which lets Wi-Peep triangulate. This allows the attacker to know the physical location of each of these devices. The result is not very accurate, but it still makes it possible to locate items with a margin of error on the order of one meter, even through a completely opaque and relatively thick wall.

This could allow malicious people to scan a home for valuable items, such as connected TVs or laptops. Potential intruders could also locate some non-standard monitoring and alarm systems; kits of this type can be found almost everywhere on the market, and they are usually not very secure.

A similar system also makes it possible to track individuals. “With similar technology, it is possible to track the movements of security guards in a bank by tracking their smartphones or smartwatches,” explained Ali Abedi, lead author of the study.

A flaw that is not necessarily critical, but still significant

The concern is that the system is easy to set up. An entry-level drone can be bought for a few tens of euros, and the $20 of components needed to make a Wi-Peep are no obstacle either. In addition, the software part is so small that any programmer with minimal experience can design an equivalent and exploit it for criminal purposes.

This flaw is not entirely critical, because in practice consumer drones will have difficulty approaching sensitive infrastructure without attracting attention. In addition, the networks of important buildings are generally well protected, so there is almost no risk that a Wi-Peep could eavesdrop at the gates of the Élysée or a nuclear power plant, for example.

But on a smaller scale, it is still a significant vulnerability. “At a basic level, we need to fix this vulnerability so that our devices don’t always respond to strangers,” said Abedi.

Unfortunately, the flaw will not be closed in the short term, because the behavior being exploited is an important part of how classic Wi-Fi networks operate. So the Canadian researchers hope that engineers will take their findings into account in the future. “We hope that our work will contribute to the design of the next generation of Wi-Fi protocols,” Abedi suggested.

In the meantime, the research team has still developed a countermeasure. The authors of the study explained that manufacturers of Wi-Fi chips can introduce random variations in response time, which greatly reduces the accuracy of the triangulation, and therefore the practical interest of this attack.
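The countermeasure described above, as an added example (not code from the researchers or from this article): a simulation of how random response-time variation inflates the error of a time-of-flight position fix. The floor plan, the 1 ns baseline timing noise, and the uniform jitter model are all assumptions made for illustration.

```python
import math
import random
import statistics

C = 299_792_458.0  # speed of light in m/s

# Constructed scenario (assumed, not from the study): four measurement
# positions around a building and one Wi-Fi device inside, in meters.
ANCHORS = [(0.0, 0.0), (10.0, 0.0), (10.0, 8.0), (0.0, 8.0)]
TARGET = (4.0, 3.0)

def measured_range(true_dist, jitter_ns, rng, clock_noise_ns=1.0):
    """Range inferred from one round-trip time. The nominal turnaround delay
    is assumed calibrated out; jitter_ns is the width of the random variation
    the chip adds to its response time (uniform, centered on nominal)."""
    err_ns = rng.gauss(0.0, clock_noise_ns) + rng.uniform(-jitter_ns / 2, jitter_ns / 2)
    return true_dist + C * err_ns * 1e-9 / 2  # halve: the signal travels out and back

def trilaterate(anchors, ranges):
    """Linearized least-squares position fix from ranges to known points."""
    (x0, y0), r0 = anchors[0], ranges[0]
    sxx = sxy = syy = sxb = syb = 0.0
    for (xi, yi), ri in zip(anchors[1:], ranges[1:]):
        ax, ay = 2 * (xi - x0), 2 * (yi - y0)
        b = r0**2 - ri**2 + xi**2 - x0**2 + yi**2 - y0**2
        sxx += ax * ax; sxy += ax * ay; syy += ay * ay
        sxb += ax * b; syb += ay * b
    det = sxx * syy - sxy * sxy
    return ((syy * sxb - sxy * syb) / det, (sxx * syb - sxy * sxb) / det)

def median_error(jitter_ns, trials=500, seed=1):
    """Median localization error in meters for a given response-time jitter."""
    rng = random.Random(seed)
    dists = [math.dist(a, TARGET) for a in ANCHORS]
    errors = []
    for _ in range(trials):
        ranges = [measured_range(d, jitter_ns, rng) for d in dists]
        errors.append(math.dist(trilaterate(ANCHORS, ranges), TARGET))
    return statistics.median(errors)

if __name__ == "__main__":
    for jitter in (0, 10, 50, 100):
        print(f"jitter {jitter:>3} ns -> median error {median_error(jitter):.2f} m")
```

Each nanosecond of round-trip timing error is about 15 cm of range error, so a few tens of nanoseconds of jitter is enough to push a single fix well past the one-meter margin the article mentions.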

It remains to be seen whether manufacturers will take this work into account when Wi-Fi 7 launches, which is expected to begin in 2024.
