Just as guns don’t kill people (people kill people), drones aren’t all bad – but they can be used to do bad things. Like dropping bombs on innocent people. Or, as CNN Money reports, hackers can use them to swoop in and swipe sensitive person information entered into your smartphone from high in the sky.
Developed by Sensepost Research Labs security researchers Glenn Wilkinson and Daniel Cuthbert, the dastardly piece of “distributed tracking and profiling framework” technology at work here is called Snoopy, and it can be loaded into anything from another mobile phone to a Raspberry Pi mini-computer to, of course, a quadcopter (drone).
Here’s how Snoopy works (you can read a more technical explanation here): Anytime you use a Wi-Fi network, your smartphone or tablet “remembers” that network, so it can more easily connect the next time you’re in range. It does this by pinging each network to see if it’s available. Snoopy exploits this feature by identifying a previously used network, then it pretends to be that network, so your smartphone or tablet connects to it, and you are none the wiser.
Once your device is connected to the false Wi-Fi, Snoopy can then collect any information you send over the tapped network, from Facebook login credentials to bank account details. It also collects your device’s unique ID number, your GPS coordinates, and your signal strength.
Not only can Snoopy be used to snag the personal information of individuals, the information collected by Snoopy gives its users the ability to build profiles of targets.
“Simple analysis could be along the lines of ‘Hmm, you’ve previously connected to hooters, mcdonalds_wifi, and elCheapoAirlines_wifi – you must be an average Joe” vs ‘Hmm, you’ve previously connected to “BA_firstclass, ExpensiveResataurant_wifi, etc – you must be a high roller,” write the researchers on the Sensepost blog.
With some additional GPS and network data from sites like Wigle, and a group of Snoopy-packed “drones,” the researchers say, and they have the ability to find out a great deal of information about people’s movements.
“The result,” they write, ” you walk past a drone, and I get a street view photograph of where you live, work and play.” You can almost see the NSA drooling.
Wilkinson and Cuthbert are set to show off Snoopy at the Black Hat Asia cybersecurity conference next week – meaning this technology isn’t exactly widespread, or much of a threat right now. And by presenting their technology at Black Hat, the researchers are giving smartphone and tablet makers the ability to build in fixes. In the mean time, you can always disable Wi-Fi on your device when you’re not using it. That doesn’t guarantee safety – but it certainly can’t hurt.
