Hackers have came up with a drone that steals data, including passwords and location, straight from your smartphone and other devices.
“Snoopy” the drone is deployed above busy city streets and searches out target phones with WiFi settings switched on, taking advantage of a common smartphone feature to continuously search for networks that a user has already approved and accessed.
Snoopy developer Glenn Wilkinson said,
“Their phone will very noisily be shouting out the name of every network its ever connected to They’ll be shouting out, ‘Starbucks, are you there?… McDonald’s Free Wi-Fi, are you there?”
“Your phone connects to me and then I can see all of your traffic, I’ve seen somebody looking for ‘Bank X’ corporate Wi-Fi. Now we know that that person works at that bank.”
The software pretends to be an approved network, and connects to multiple unsuspecting devices at one time, once connected Snoopy intercepts every transmission the device sends and receives.
Snoopy can see and record sensitive information including usernames, passwords, location data, credit card information, websites accessed or accounts.
Wilkinson and Daniel Cuthbert, both of the London-based SensePost information security company built Snoopy, and plan to present their findings at the Black Hat Asia cybersecurity conference in Singapore beginning March 25.
Most smartphone devices are equipped with a function to ascertain permission from the user before joining a network.