The New Overhead Privacy Thief
This post is also available in: 
עברית (Hebrew)
The next threat to your privacy could be hovering overhead while you walk down the street. Hackers have developed a drone that can steal the contents of your smartphone and access your password. The technology equipped on the drone, known as Snoopy, looks for mobile devices with Wi-Fi settings turned on.
Snoopy takes advantage of a feature built into all smartphones and tablets: When mobile devices try to connect to the Internet, they look for networks they’ve accessed in the past.
That’s when Snoopy can swoop into action: the drone can send back a signal pretending to be networks you’ve connected to in the past. Devices two feet apart could both make connections with the quadcopter, each thinking it is a different, trusted Wi-Fi network. When the phones connect to the drone, Snoopy will intercept everything they send and receive.
According to sUAS that includes the sites you visit, credit card information entered or saved on different sites, location data, usernames and passwords. Each phone has a unique identification number, or MAC address, which the drone uses to tie the traffic to the device.
The names of the networks the phones visit can also be telling. CNN Money recently took Snoopy out for a spin and were able to show what they believed to be the homes of several people who had walked underneath the drone. In less than an hour of flying, he obtained network names and GPS coordinates for about 150 mobile devices.
iHLS – Israel Homeland Security
They were also able to obtain usernames and passwords for Amazon, PayPal and Yahoo accounts created for the purposes of the reporting so that they could verify the claims without actually stealing from people.
Collecting metadata, or the device IDs and network names, is probably not illegal, according to the Electronic Frontier Foundation. Intercepting usernames, passwords and credit card information with the intent of using them would likely violate wiretapping and identity theft laws.
Installing the technology on drones creates a powerful threat because drones are mobile and often out of sight for pedestrians, enabling them to follow people undetected.
While most of the applications of this hack are creepy, it could also be used for law enforcement and public safety. During a riot, a drone could fly overhead and identify looters, for example.
Users can protect themselves by shutting off Wi-Fi connections and forcing their devices to ask before they join networks.
