For many, the notion of a flying drone conjures an image of an unmanned airborne military surveillance machine, or a high-flying courier sent to deliver your latest Amazon purchase. As a developing technology, the threat of drones being used for cybercriminal sabotage (especially on civilians, such as you and I) seems distant—but it might not be as foreign a concept as you may think.
Security researchers in London have successfully built a program dubbed “Snoopy” that orders drones (small unmanned aerial vehicles that can be remotely controlled) to seek out smartphones and steal their data. And it does so exceptionally well.
Snoopy is a simple concept: the drone takes flight and searches for a particular signal used by smartphones to find a Wi-Fi connection. It’s the equivalent of your phone shouting “Starbucks!” in order to find and connect to Starbucks Wi-Fi. Once a signal is found, Snoopy tricks your smartphone into thinking it has joined a trusted network and then proceeds to steal your data sent via your device when using that connection.
This type of attack is what we refer to as a “Man-in-the-Middle” attack. It’s a simple concept: hackers aim to intercept your data in between two connection points—in this case, your device and the Wi-Fi signal.
The stolen data in this case includes access to the sites a user has visited, usernames, passwords, credit card information—anything that may be transmitted over an app and typed into the phone by the user. It also includes location data and a list of networks you’ve connected to previously—including home and work Wi-Fi networks—in order to build a better profile of you, their target. During a test with CNN, Snoopy was able to cull network names and global positioning system (GPS) coordinates of about 150 phones in under an hour in a downtown London park. Like I said: it does its job exceptionally well.
Despite its efficiency, the success of Snoopy depends on users doing two things that should not be done: 1) keeping your phone’s Wi-Fi connection on, and consequently in search mode, and 2) automatically joining public networks when an available Wi-Fi signal is found.
So should you expect a swarm of drones flying about your home and neighborhood sucking up as much data as possible? Absolutely not. Snoopy is just a theoretical example (or proof-of-concept creation) produced by a group of professionals whose job is to research these very vulnerabilities and subsequently address them.
However, well-versed hackers require little to leverage this type of attack. All that’s needed is a wireless router and the some know-how. Executing a man-in-the-middle attack over a drone is more of a media gimmick than a practicality (though the message about improving phone security is still important). Finally, the drone’s attack is a bit impractical to do without being noticed—the drones used in this case aren’t exactly inconspicuous and Snoopy needs to be relatively close to the target device to succeed—but it does serve to illuminate a few measures you can take to protect yourself and your data:
- Turn off your Wi-Fi when not in use. If you’re not using a Wi-Fi network, your phone’s Wi-Fi search should be off. Apple has made this easy to do with its new iOS7 control center. Android users can and should do the same through their settings. On each of these devices, you can simply go to Settings and set “Wi-Fi” to “Off.”
- Don’t let your device automatically connect to Wi-Fi. If you do leave your Wi-Fi on when you’re out and about then you should approve every Wi-Fi connection yourself. This helps to significantly reduce the likelihood that threats like Snoopy will be able to hijack your data.
- Actively protect your Android phone from fake connections. McAfee® Mobile Security actively checks to see if you’re connected to a network that is being tapped by hackers. If it finds anything suspicious, it will disconnect you from this compromised network. Additionally, McAfee Mobile Security will alert you if you do happen to auto-connect to a Wi-Fi network that doesn’t have a password (as described above). It’s an easy (and free) way to secure your phone from man-in-the-middle attacks.
- Make sure you secure your device. Software designed to steal valuable data from your mobile device increased by 197% from 2012. Those threats are only going to become more common as time goes on. Guard your smartphone, tablet, PC and Mac with McAfee LiveSafe™ service, designed to protect your data and devices from prying eyes. Already have protection for your computers? Download our free mobile security for both Android and iOS to protect your smartphone.
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.