The device, nicknamed Wi-Peep, can fly near a building and then use the inhabitants' Wi-Fi network to identify and locate all Wi-Fi-enabled devices inside in a matter of seconds.
The Wi-Peep exploits a loophole the researchers call polite Wi-Fi. Even if a network is password protected, smart devices will automatically respond to contact attempts from any device within range. The Wi-Peep sends several messages to a device as it flies and then measures the response time on each, enabling it to identify the device's location to within a meter.
"The Wi-Peep devices are like lights in the visible spectrum, and the walls are like glass," Abedi said. "Using similar technology, one could track the movements of security guards inside a bank by following the location of their phones or smartwatches. Likewise, a thief could identify the location and type of smart devices in a home, including security cameras, laptops, and smart TVs, to find a good candidate for a break-in. In addition, the device's operation via drone means that it can be used quickly and remotely without much chance of the user being detected."
This vulnerability relates to the location and type of devices, so is not about any access to your devices or network. It's great from thieves for example to see where your smart TVs are located in a home, and where the human's phone devices are presently. But it's also great for hostage rescuers to see where hostages are grouped in a bank vs others moving around.
As it is hardware related, there is no possible software patch, and we'll need to wait for newer Wi-Fi hardware devices to be rolled out.
See Researchers discover security loophole allowing attackers to use Wi-Fi to see through walls
A research team based out of the University of Waterloo has developed a drone-powered device that can use Wi-Fi networks to see through walls.