Wi-Peep Reveals The Weakness In Polite WiFi

Researchers at Ontario’s University of Waterloo have created a drone-powered airborne scanning device that can triangulate the location of every WiFi-connected device within a building.

The device – called Wi-Peep – engages in what the researchers call a “location-revealing privacy attack,” manipulating the data in WiFi networks and using it to “see through walls.” It exploits security deficiencies in IEEE 802.11 – a wireless protocol for local access network – by taking advantage of a loophole termed “polite WiFi.” Despite being password protected, a network will automatically respond to contact attempts from any device within range. The Wi-Peep sends several messages to a device as it flies and then measures the response time on each, enabling it to identify the device’s location within one meter.

Dr. Ali Abedi, the team leader, explained “The Wi-Peep devices are like lights in the visible spectrum, and the walls are like glass. Using similar technology, one could track the movements of security guards inside a bank by following the location of their phones or smartwatches. Likewise, a thief could identify the location and type of smart devices in a home, including security cameras, laptops, and smart TVs, to find a good candidate for a break-in. In addition, the device’s operation via drone means that it can be used quickly and remotely without much chance of the user being detected.”

The Wi-Peep differs from previous devices used to track internet-connected devices in that it is highly accessible and easy to transport. Abedi’s team built it using a store-bought drone and $20 of readily available hardware. Abedi suggests that WiFi chip manufacturers should introduce an artificial, randomized variation in device response time, which would make calculations such as those performed by the Wi-Peep inaccurate.

“As soon as the Polite WiFi loophole was discovered, we realized this kind of attack was possible,” Abedi said. “On a fundamental level, we need to fix the Polite WiFi loophole so that our devices do not respond to strangers. We hope our work will inform the design of next-generation protocols.”