A new hacker-developed drone can lift your smartphone’s private data from your GPS location to mobile applications’ usernames and passwords — without you ever knowing. The drone’s power lies with a new software, Snoopy, which can turn a benign video-capturing drone into a nefarious data thief.
Snoopy intercepts Wi-Fi signals when mobile devices try to find a network connection. London researchers have been testing the drone and plan to debut it at the Black Hat Asia cybersecurity conference in Singapore next week. Snoopy-equipped drones can aid in identity theft and pose a security threat to mobile device users.
Despite its capabilities, the drone software project was built to raise awareness and show consumers how vulnerable their data is to theft, Glenn Wilkinson, a Sensepost security researcher and Snoopy’s co-creator, told CNN Money.
As a part of its controversial surveillance programs, the U.S. National Security Agency already uses similar technology to tap into Wi-Fi connections and control mobile devices. And even though Snoopy hasn’t hit the market, phone-hacking drones could become a reality in the United States now that a federal judge recently overturned the U.S. Federal Aviation Administration’s commercial drone ban. Because the ban was lifted, filmmakers and tech companies such as Facebook and Amazon are now allowed to fly drones — be it to increase Web access or deliver packages — for profit.
Before latching onto a Wi-Fi signal, mobile devices first check to see if any previously connected are nearby. The Snoopy software picks up on this and pretends to be one of those old network connections. Once attached, the drone can access all of your phone’s Internet activity. That information can tell hackers your spending habits and where you work.
With the right tools, Wi-Fi hacks are relatively simple to pull off, and are becoming more common. Personal data can even be sapped from your home’s Wi-Fi router. And because the number of Wi-Fi hotspots keeps growing, consumers must take steps, such as using encrypted sites, to protect their data.
Data breaches overall are happening more often. Customers are still feeling the effect of Target’s breach last year that exposed more than 100 million customers’ personal data. But as smartphones increasingly becoming the epicenter of personal data storage, hacks targeting the device rather than individual apps pose a greater privacy and security threat.
According to a recent Pew Research study, about 50 percent of Web users publicly post their birthday, email or place of work — all of which can be used in ID theft. Nearly 25 percent of people whose credit card information is stolen also suffer identity theft, according to a study published by Javelin Strategy & Research of customers who received data breach notifications in 2012. Moreover, most people manage about 25 online accounts and only use six passwords, quadrupling the potential havoc from one account’s password breach.