ABSTRACT
We present Wi-Peep - a new location-revealing privacy attack on non-cooperative Wi-Fi devices. Wi-Peep exploits loopholes in the 802.11 protocol to elicit responses from Wi-Fi devices on a network that we do not have access to. It then uses a novel time-of-flight measurement scheme to locate these devices. Wi-Peep works without any hardware or software modifications on target devices and without requiring access to the physical space that they are deployed in. Therefore, a pedestrian or a drone that carries a Wi-Peep device can estimate the location of every Wi-Fi device in a building. Our Wi-Peep design costs $20 and weighs less than 10 g. We deploy it on a lightweight drone and show that a drone flying over a house can estimate the location of Wi-Fi devices across multiple floors to meter-level accuracy. Finally, we investigate different mitigation techniques to secure future Wi-Fi devices against such attacks.
- Ali Abedi and Omid Abari. 2020. WiFi Says" Hi!" Back to Strangers!. In Proceedings of the 19th ACM Workshop on Hot Topics in Networks. 132--138.Google ScholarDigital Library
- Ali Abedi and Tim Brecht. 2017. Conducting Repeatable Experiments in Highly Variable Cloud Computing Environments. In ICPE.Google Scholar
- Ali Abedi, Andrew Heard, and Tim Brecht. 2015. Conducting Repeatable Experiments and Fair Comparisons Using 802.11n MIMO Networks. SIGOPS Operating Systems Review (2015).Google Scholar
- Fadel Adib, Zachary Kabelac, and Dina Katabi. 2015. Multi-person Localization via RF Body Reflections (NSDI).Google Scholar
- Victor Bahl and Venkat Padmanabhan. 2000. RADAR: An In-Building RF-based User Location and Tracking System (INFOCOM).Google Scholar
- Gerald Combs. 2020. Wireshark. https://www.wireshark.org/.Google Scholar
- DJI 2022. DJI Mini 2. DJI. https://www.dji.com/ca/mini-2/specs.Google Scholar
- DJI 2022. PHANTOM 4 RTK. DJI. https://www.dji.com/ca/phantom-4-rtk/info.Google Scholar
- Espressif Systems 2019. ESP32 datasheet. Espressif Systems. https://www.espressif.com/sites/default/files/documentation/\esp32_datasheet_en.pdf.Google Scholar
- Espressif Systems 2020. ESP8266 datasheet. Espressif Systems. https://www.espressif.com/sites/default/files/documentation/0a-esp8266ex_datasheet_en.pdf.Google Scholar
- Julien Freudiger. 2015. How Talkative is Your Mobile Device? An Experimental Study of Wi-Fi Probe Requests. In Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks (ACM WiSec '15).Google ScholarDigital Library
- Domenico Giustiniano, Theodoros Bourchas, Maciej Bednarek, and Vincent Lenders. 2015. Deep Inspection of the Noise in WiFi Time-of-Flight Echo Techniques. In MSWiM. 5--12.Google Scholar
- Jon Gjengset, Jie Xiong, Graeme McPhillips, and Kyle Jamieson. 2014. Phaser: Enabling Phased Array Signal Processing on Commodity Wi-Fi Access Points. MobiCom (2014).Google ScholarDigital Library
- Omar Hashem, Moustafa Youssef, and Khaled A. Harras. 2020. WiNar: RTT-based Sub-meter Indoor Localization using Commercial Devices. In IEEE International Conference on Pervasive Computing and Communications (PerCom).Google Scholar
- Suining He and S.-H. Gary Chan. 2016. Wi-Fi Fingerprint-Based Indoor Positioning: Recent Advances and Comparisons. IEEE Communications Surveys Tutorials 18, 1 (2016), 466--490. Google ScholarDigital Library
- Baik Hoh, Marco Gruteser, Hui Xiong, and Ansaf Alrabady. 2007. Preserving Privacy in Gps Traces via Uncertainty-Aware Path Cloaking (ACM CCS).Google Scholar
- Berthold K.P. Horn. 2020. Doubling the Accuracy of Indoor Positioning: Frequency Diversity. Sensors (2020).Google Scholar
- Mohamed Ibrahim, Hansi Liu, Minitha Jawahar, Viet Nguyen, Marco Gruteser, Richard Howard, Bo Yu, and Fan Bai. 2018. Verification: Accuracy Evaluation of WiFi Fine Time Measurements on an Open Platform. In Annual International Conference on Mobile Computing and Networking (ACM MobiCom).Google ScholarDigital Library
- Tao Jiang, Helen J. Wang, and Yih-Chun Hu. 2007. Preserving Location Privacy in Wireless Lans (ACM MobiSys).Google Scholar
- S. S. Kolahi and A. A. Almatrook. 2017. Impact of security on bandwidth and latency in IEEE 802.11ac client-to-server WLAN. In 2017 Ninth International Conference on Ubiquitous and Future Networks (ICUFN). 893--897.Google Scholar
- Manikanta Kotaru, Kiran Joshi, Dinesh Bharadia, and Sachin Katti. 2015. SpotFi: Decimeter Level Localization Using Wi-Fi (SIGCOMM).Google Scholar
- Swarun Kumar, Stephanie Gil, Dina Katabi, and Daniela Rus. 2014. Accurate Indoor Localization with Zero Start-up Cost (MobiCom).Google Scholar
- P. Li, S. S. Kolahi, M. Safdari, and M. Argawe. 2011. Effect of WPA2 Security on IEEE 802.11n Bandwidth and Round Trip Time in Peer-Peer Wireless Local Area Networks. In 2011 IEEE Workshops of International Conference on Advanced Information Networking and Applications. 777--782.Google Scholar
- Andreas Marcaletti, Maurizio Rea, Domenico Giustiniano, Vincent Lenders, and Aymen Fakhreddine. 2014. Filtering Noisy 802.11 Time-of-Flight Ranging Measurements. In CoNEXT. 13--20.Google Scholar
- Alex T. Mariakakis, Souvik Sen, Jeongkeun Lee, and Kyu-Han Kim. 2014. SAIL: Single Access Point-Based Indoor Localization. In Annual International Conference on Mobile Systems, Applications, and Services (ACM MobiSys).Google Scholar
- Monolithic Power Systems Inc. 2011. MP1584 Step-Down Converter. Monolithic Power Systems Inc. https://www.monolithicpower.com/en/documentview/productdocument/index/version/2/document_type/Datasheet/lang/en/sku/MP1584EN-LF-Z/document_id/204/.Google Scholar
- Michał Nowicki and Jan Wietrzykowski. 2017. Low-effort place recognition with WiFi fingerprints using deep learning. In International Conference Automation. Springer, 575--584.Google ScholarCross Ref
- Anshul Rai, Krishna Kant Chintalapudi, Venkata N. Padmanabhan, and Rijurekha Sen. 2012. Zee: Zero-effort Crowdsourcing for Indoor Localization (MobiCom).Google Scholar
- Maurizio Rea and Domenico Giustiniano. 2021. Location-aware Wireless Resource Allocation in Industrial-like Environment. IEEE Transactions on Mobile Computing (2021).Google ScholarCross Ref
- Mohammad Saleh, Jaafar Gaber, and Maxim Wack. 2017. Sensor Networks Applications Performance Measures for IEEE802.11n WiFi Security Protocols. In Proceedings of the International Conference on Future Networks and Distributed Systems (ICFNDS '17). Google ScholarDigital Library
- Domien Schepers, Aanjhan Ranganathan, and Mathy Vanhoef. 2022. On the Robustness of Wi-Fi Deauthentication Countermeasures (WiSec '22). 245--256.Google Scholar
- B. Schilit, J. Hong, and M. Gruteser. 2003. Wireless location privacy protection. IEEE Computer (2003). Google ScholarDigital Library
- Reza Shokri, George Theodorakopoulos, Panos Papadimitratos, Ehsan Kazemi, and Jean-Pierre Hubaux. 2014. Hiding in the Mobile Crowd: LocationPrivacy through Collaboration. IEEE Transactions on Dependable and Secure Computing (2014).Google Scholar
- Reza Shokri, George Theodorakopoulos, Carmela Troncoso, Jean-Pierre Hubaux, and Jean-Yves Le Boudec. 2012. Protecting Location Privacy: Optimal Strategy against Localization Attacks (ACM CCS).Google Scholar
- Ivan Vasilevski, Dobre Blazhevski, Veno Pachovski, and Irena Stojmenovska. 2019. Five Years Later: How Effective Is the MAC Randomization in Practice? The No-at-All Attack. In ICT Innovations 2019. Big Data Processing and Mining, Sonja Gievska and Gjorgji Madjarov (Eds.). Springer International Publishing.Google ScholarCross Ref
- Deepak Vasisht, Swarun Kumar, and Dina Katabi. 2016. Decimeter-Level Localization with a Single Wi-Fi Access Point (NSDI).Google Scholar
- Jue Wang and Dina Katabi. 2013. Dude, Where's My Card?: RFID Positioning That Works with Multipath and Non-line of Sight (SIGCOMM).Google Scholar
- Yaxiong Xie, Jie Xiong, Mo Li, and Kyle Jamieson. 2018. mD-Track: Leveraging Multi-Dimensionality in Passive Indoor Wi-Fi Tracking. arXiv preprint arXiv:1812.03103 (2018).Google Scholar
- Jie Xiong and Kyle Jamieson. 2013. ArrayTrack: A Fine-grained Indoor Location System (NSDI).Google Scholar
- Jie Xiong, Kyle Jamieson, and Karthikeyan Sundaresan. 2014. Synchronicity: Pushing the Envelope of Fine-grained Localization with Distributed Mimo. In HotWireless.Google Scholar
- Jie Xiong, Karthikeyan Sundaresan, and Kyle Jamieson. 2015. ToneTrack: Leveraging Frequency-Agile Radios for Time-Based Indoor Wireless Localization (MobiCom).Google Scholar
- Moustafa Youssef and Ashok Agrawala. 2005. The Horus WLAN Location Determination System (MobiSys).Google Scholar
- Yanzi Zhu, Zhujun Xiao, Yuxin Chen, Zhijing Li, Max Liu, Ben Y. Zhao, and Haitao Zheng. 2020. Et Tu Alexa? When Commodity WiFi Devices Turn into Adversarial Motion Sensors. Network and Distributed Systems Security (NDSS) Symposium (2020).Google ScholarCross Ref
Recommendations
MIMO CSI-based Super-resolution AoA Estimation for Wi-Fi Indoor Localization
ICMLC '20: Proceedings of the 2020 12th International Conference on Machine Learning and ComputingIndoor localization technology has always been a research hotspot in industry and academia. Indoor localization research using channel state information (CSI) of Wi-Fi signals has also received more and more attention. The existing Angle of Arrival (AoA)...
Cross-assistive approach for PDR and Wi-Fi positioning
UbiComp '14 Adjunct: Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct PublicationIn indoor positioning using Wi-Fi, there is a problem that the accuracy is not stable by the occurrence of large errors. Large errors tend to occur when density of wireless LAN access points is low or the radio wave condition is unstable. Furthermore, ...
Survey on the Indoor Localization Technique of Wi-Fi Access Points
This article describes how indoor localization of Wi-Fi AP (access point) plays an important role in the discovery of illegal indoor Wi-Fi and for the safety inspection of confidential places. There have been many related research results in recent ...
Comments