Hackers can trick Wi-Fi devices into draining their own batteries

Wi-Fi devices recognize each other even if they are not connected to the same network, and hackers can use this to drain their batteries.

Devices using Wi-Fi can be tricked into draining their own batteries due to how wireless networks work. Security experts say that while this ability appears harmless at first glance, it can be used to disable security cameras or as part of a coordinated attack with other vulnerabilities.

Ali Abedi of Stanford University in California and colleagues discovered a phenomenon they call “polite Wi-Fi,” where devices acknowledge and respond to messages from any other wireless device, regardless of whether they have a password or permission to connect. the same network. The responses themselves do not contain sensitive information, but Abedi’s team nevertheless found ways to abuse their transmission.

In a previous article, the researchers found that if fake data packets were sent continuously and the direction from which the responses came was tracked over time, devices could be observed moving around inside the building, indicating that they could be telephones or telephones. smart watch. This allowed them to track the movements of people.

Now, researchers have found that they can continuously ping battery-powered Wi-Fi devices and prevent them from going to sleep by rapidly reducing their power. This can be done with a $10 device that sends fake data packets.

The team tested 5,000 different devices from 186 manufacturers and found that they were all vulnerable to this attack: if they were sent a fake data packet, they responded with an “acknowledge” or “ACK” signal. Worked at distances up to 200 meters.

Abedi says Wi-Fi devices are designed to work this way, so they can indicate to other machines that transmission is working. If the devices were to wait for each other to authenticate before responding, then wireless networks would practically come to a halt, meaning the error would be hard to fix, he says.

Kevin Curran of the University of Ulster, UK, says battery drain seems harmless at first glance, but when combined with other vulnerabilities, it can lead to dangerous attacks.

For example, thieves can drain the battery of a Wi-Fi-enabled security camera, he said. “If they are pinged regularly, you can completely merge them. And those attacks are always getting better, and then the use cases can expand.”

Jake Moore of cybersecurity company ESET says that when protocols are created, it is impossible to predict how they can be abused. “When devices are designed, even with security in mind, the full range of creative methods for using a device is endless,” he says. “The ability to send unauthorized data packets across a network can be very dangerous.”

Link: arxiv.org/abs/2301.00269