If you spot something suspicious in the skies of London, you may want to deactivate the WiFi on your phone. Researchers have been testing a new type of cyber hacking in the city with quadcopters that hover overhead while gathering data from your smartphone. Though the individuals behind this experiment are not malicious, the technology could easily fall into the wrong hands.
A Drone Named Snoopy
The drone used in this SensePost experiment is dubbed “Snoopy.” Unfortunately, the technology isn’t necessarily as sweet and innocent as the project’s namesake. The project was first introduced at the 2012 44Con Conference in London. Researchers shared findings of more recent testing with the drone at the Black Hat Asia cybersecurity conference in March 2014.
At the security conference, developer Glenn Wilkinson offered the BBC a preview of the technology. In minutes, he had smartphone information from hundreds of Black Hat attendees. Believe it or not, however, this trick is far from original: Wilkinson says he has gathered data from attendees at every security conference he’s attended for the last 18 months. After collecting the information, he presents attendees with pictures of their home or office to highlight the powerful potential of this sleek little drone.
How Snoopy Works
While the concept of a drone stealing your smartphone data may seem revolutionary, none of the technology used in the device is new. Snoopy simply uses a clever combination of existing technology and takes to the air where previous products of this kind remained earthbound.
Snoopy gathers smartphone data using unsecured WiFi connections. Many smartphone users leave their WiFi on at all times. The phone constantly sends out signals searching for familiar networks. Snoopy intercepts these signals and uses them as an entry point to gather valuable information from the user.
What Your WiFi Connections Say About You
Even before Snoopy has accessed your most valuable data, it can build a profile on you based on your previous WiFi connections. Your home and work are likely included in your most frequented networks alongside restaurants, coffee shops, libraries, and schools, among others. A profile that includes executive offices of a Fortune 500 company and upscale restaurants will make you a more enticing target than one that features McDonald’s WiFi and the local library.
Using geolocation services, Snoopy can even map out your WiFi networks, homing in on your neighborhood and office. Even when you’re not actively connected to a wireless network, your phone is busy checking for nearby connections. To Snoopy, your smartphone is virtually yelling “Home WiFi, are you there? Starbucks WiFi, are you there?”
Using Your Connections Against You
When Snoopy intercepts a signal looking for a certain WiFi network, it can do more than just map out where your favorite networks are. Snoopy can impersonate your phone’s trusted networks, making you believe that you’re safely connected to a well-known WiFi source, when you’re really connected through Snoopy.
While you’re unknowingly using the Internet through Snoopy’s WiFi, the drone has access to all the information and data you’re sending across the connection. In just a few minutes, the drone can collect your passwords, bank account information, and other personal details. This is a fast and easy way for hackers to gather credit card numbers or other data needed to steal your identity.
When developers tested the drone in London, they collected Amazon, PayPal, and Yahoo data. The drone gathered network names from 150 different devices in just one hour.
The Purpose of Snoopy
Snoopy’s developers consider themselves ethical hackers. The technology that they’re using to collect metadata and network names is not illegal, though intercepting passwords and financial data with the intent to use it would be. Snoopy’s purpose is to demonstrate the threats posed by this type of technology. When consumers and developers are aware of the potential for this kind of drone, they can better protect themselves and their technology against it.
The drones that carry Snoopy have stunning capabilities. They can fly high enough to avoid visual detection. Hovering up where you can neither see nor hear them, these drones represent an ever-present danger. The potential for this type of technology is nearly unlimited. Law enforcement could use it to track criminals and their smartphone activity. Meanwhile, criminals could find many illicit uses for such a product.
How to Protect Yourself from Drones Like Snoopy
There’s really only one way to protect yourself from Snoopy’s technology. You must turn your WiFi off any time you’re not using a trusted network. This will silence the persistent virtual voice of your phone that’s always looking for a connection it can use. When your WiFi is on, your phone is looking for a way to connect, and drones like Snoopy can easily overhear the message.
Check your phone’s settings and learn how to turn the WiFi on and off. When you leave your home or office, get in the habit of turning the WiFi off during your commute, if you want to protect yourself from technology like Snoopy’s.
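A related check, as an added example that is not part of the original article or SensePost's code: the sketch below audits a laptop's remembered networks for the ones a look-alike access point can most easily exploit. It assumes Linux NetworkManager keyfile profiles; the sample profiles and the function names are constructed for illustration.

```python
import configparser

# Constructed sample profiles in NetworkManager keyfile format (not real networks).
SAMPLE_PROFILES = {
    "home": "[connection]\ntype=wifi\n[wifi]\nssid=HomeNet\n"
            "[wifi-security]\nkey-mgmt=wpa-psk\n",
    "cafe": "[connection]\ntype=wifi\n[wifi]\nssid=CoffeeShop Free WiFi\n",
    "office": "[connection]\ntype=wifi\n[wifi]\nssid=OfficeHidden\nhidden=true\n"
              "[wifi-security]\nkey-mgmt=wpa-psk\n",
    "hotel": "[connection]\ntype=wifi\nautoconnect=false\n"
             "[wifi]\nssid=Hotel Guest\n",
    "wired": "[connection]\ntype=ethernet\n",
}


def audit_profile(text):
    """Return (ssid, findings) for one keyfile, or None if it is not WiFi."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    if cfg.get("connection", "type", fallback="") != "wifi":
        return None
    ssid = cfg.get("wifi", "ssid", fallback="<unknown>")
    # NetworkManager rejoins saved networks automatically unless told not to.
    autoconnect = cfg.getboolean("connection", "autoconnect", fallback=True)
    findings = []
    # No [wifi-security] section means an open network: the device cannot
    # verify the access point, so any AP using the same name is accepted.
    if not cfg.has_section("wifi-security"):
        findings.append("open+autoconnect" if autoconnect else "open")
    # Hidden networks force the device to call out the network name itself.
    if cfg.getboolean("wifi", "hidden", fallback=False):
        findings.append("hidden")
    return ssid, findings


def audit_all(profiles):
    """Map each risky SSID to its findings; clean profiles are omitted."""
    results = {}
    for text in profiles.values():
        result = audit_profile(text)
        if result and result[1]:
            results[result[0]] = result[1]
    return results


if __name__ == "__main__":
    for ssid, findings in audit_all(SAMPLE_PROFILES).items():
        print(f"{ssid}: {', '.join(findings)}")
```

Profiles flagged open+autoconnect are the first candidates to forget or to set to manual connection.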
The Dangers of Unsecured WiFi
As mentioned previously, the technology that Snoopy uses to gather user data isn’t actually new. Public WiFi networks have always presented very real dangers that users should be aware of. Snoopy or not, if you frequently connect to free WiFi hot spots at your local coffee shop, for example, you could be exposing your data to cyber criminals.
“Man-in-the-middle attacks” are a common way for cyber criminals to steal your data. Hackers can insert themselves between your device and the public WiFi network, intercepting all the data that you send. If you’re checking your bank accounts, logging into Amazon, or making a payment with PayPal, valuable information from these transactions is exposed to the hacker.
Snoopy’s development is a giant red flag that will help demonstrate the dangers of WiFi. This device neatly shows that even though your phone is safely tucked away in your pocket, it’s still a shining beacon filled with personal data about you, ripe for the picking with the right technology.