Imagine you’re walking around, enjoying the early spring sunshine, and looking for a Wi-Fi network. You hear a whirring sound above you, look up, and there’s a drone, just chilling. Did that drone just take your picture? Nah. It just stole all the precious passwords from your smartphone.
This is a real—however somewhat distant—possibility. We know that it’s technically possible thanks to some London-based SensePost security researchers who built new software called Snoopy that turns drones into data thieves. Essentially, Snoopy works on drones that seek out the signal that your smartphone broadcasts when it’s looking for a Wi-Fi network to join. The drone intercepts the signal and tricks the phone into thinking it’s a trusted network, then Snoopy gains access to all kinds of data on the phone.
It’s not just passwords. The researchers say that Snoopy can retrieve credit card numbers, location data, and usernames, too. They’ve successfully stolen Amazon, PayPal, and Yahoo credentials from random Londoners. The technology is not dissimilar to some of the gadgets in the NSA’s spy gear catalog that enable them to break into Wi-Fi networks from a distance. Whereas the NSA can do it from eight miles away, however, Snoopy evidently needs to be as close as two feet.
So the data-stealing drone is real, but it’s not like they’re flying all over cities around the world right now. SensePost did the drone project in the name of better security and are presenting their findings at the Black Hat Asia conference next week in Singapore. In the meantime, maybe it’s best to just turn off that automatic Wi-Fi network-finding feature. It’s clearly vulnerable. Furthermore, it drains your battery like whoa. [CNN Money via ThinkProgress]