How a Drone Could Spoof Wi-Fi, Steal Your Data

"If you are on the same network as somebody else, they can be seeing the information that’s traveling across the network," Chicago attorney says

Drones are inexpensive, small and hard to detect when flying several hundred feet in the air. And security researchers warn the remote devices can also be outfitted to gather private information.

In a controlled environment, penetration tester Parker Schmitt and robot expert David Jordan attached a tiny computer to a drone to show how the device could be used for nefarious purposes. While in the sky, the drone poses as an open Wi-Fi network and tricks other devices to connect to it. Once the connection is made, any information that passes through -- credit card information, home addresses, and telephone numbers -- can be obtained.

"It adds a whole level of anonymity that these bad guys have thrived on," Parker explained.

The obscurity of the drone means users on computers and cell phones could make unwanted connections while in their own homes, a public place, or a place of business.

"It’s basically one way of stealing information," said Chicago attorney Whitney Merrill, who specializes in technology cases where the bad guy is often a hacker -- a phantom so to speak -- operating illegally in an anonymous world.

Merrill stressed how important it is that end users understand that open Wi-Fi is not secure.

"If you are on the same network as somebody else, they can be seeing the information that’s traveling across the network," she said.

How You Can Protect Yourself:

There are things device users can do to protect themselves against hackers. Avoiding open Wi-Fi networks is the first step. If you must connect to a public Wi-Fi network, make sure the web address you visit is correct and not a dummy site. Also be sure to only open websites that have “https” in the address. And when accessing a banking website, only continue if a lock appears indicating a secure, encrypted connection.

Both Schmitt and Jordan will be presenting at THOTCON, a Chicago hacking conference, on May 14. Merrill will also speak. 

Contact Us