New drone technology - is your data safe?New York, NY (CNN) - We all know we should protect our data, and most of us would never share our passwords. But our mobile devices could be shouting out that information…and there are drones ready to listen.
By: Laurie Segall, CNN Money, CNN
New York, NY (CNN) - We all know we should protect our data, and most of us would never share our passwords. But our mobile devices could be shouting out that information…and there are drones ready to listen.
Glen Wilkinson – Security Researcher, Sensepost: "So I can see three devices, or three mobile phones down below. And so we're collecting data about at least those three people."
That's a hacker using technology paired with a drone to grab your cell phone information from people below. This technology has been used on cell phones and laptops.
One day, it could be installed in larger aircraft think helicopters or small planes. He can also see your usernames, passwords, credit card information and get this: in some cases, your home address.
Glen Wilkinson: "So somebody who was walking around the park, that's most likely their house. One of these houses here."
The tech on the drone is called Snoopy. We took Snoopy out for a spin on the streets of London.
Glen Wilkinson: "It'll fly within a relative close distance to a person with a phone tucked safely in their pocket, and if they've left their Wi-Fi on, which most people do in my experience, their phone will very noisily be shouting out the name of every network it's ever connected to. They'll be shouting out, Starbucks are you there?"
So you can protect yourself by turning off your Wi-Fi. But if you don't, Snoopy can trick your phone and send back a signal pretending to be the network the phone is looking for. Then the drone can intercept everything the phone sends and receives.
Glen Wilkinson: "Your phone is looking for Starbucks, and I pretend to be Starbucks. Your phone connects to me and then I can see all of your traffic, and see your passwords and things like that."
We tested it out with some dummy accounts we created:
Glen Wilkinson: "And we can see here - logging into yahoo.com. So Yahoo Mail, and I created an account, Angela Smith, and there's the user name, and her password is abc12. There's Amazon. Here's Amazon credentials, and also for Paypal. So Paypal email address, user name."
Wilkinson hacked his own Facebook account, to demonstrate what that would look like:
Glen Wilkinson: "So let's pick on my own Facebook account. So I can just say, fetch Facebook profile, and from there I can do something like, fetch all Facebook friends.
Wilkinson is an "ethical hacker;” he built the Snoopy drone to highlight insecurities in smart devices. Some of the things Snoopy can do, like steal usernames and passwords, are illegal. Other features, like tracking location data, would probably not break any US laws.
Glen Wilkinson: "If the technology got in the hands of criminals or bad hackers, which it may have done, there's all kinds of things they could do: at the most basic level they can track people through space and time - say okay, this person's at this location at this time."
In a world where drones fly and tech enables them to potentially spy, it's more important than ever to protect your data.