As (sadly) an NSA alumni'st, I knew this was coming but am sad to see it actually arrive.... Snoopy the Drone Can Hack Your Smartphone By Steve Anderson Contributing Mobile Security Writer The idea of flying robots stealing the information off a user's smartphone is the kind of threat that actually telling people is a concern might well result in involuntary institutionalization. At least, it was until now, with new reports out about a quadricopter drone known as Snoopy, which can indeed, under the right circumstances, hack a user's smartphone and steal the data contained therein. Snoopy is currently being tested above the streets of London, England, where a group of hackers will be bringing information about Snoopy and its operations to Singapore's upcoming Black Hat Asia conference. Snoopy operates, according to reports, by hovering over the streets, looking for devices that have Wi-Fi settings turned on. Once it finds such a device, it then exploits a key development in the connection system in which said device looks for a network it's already accessed. This is done in a process that Glenn Wilkinson, a security researcher with Sensepost, likens to “...very noisily shouting out the name of every network it's ever connected to.” While the device is frantically shouting out names in a bid to connect with a previously used network, Snoopy then steps in and claims to be that network, allowing the device in question to connect to the drone, believing it's the network in question. Snoopy can then get access to whatever the device has on it, ranging from things like usernames and passwords of certain websites, to even the names of the networks accessed, which can provide potentially useful information about where a user works or even lives. Snoopy went out on a Saturday afternoon as part of a CNNMoney report, and within an hour, managed to get not only network names but GPS coordinates for roughly 150 mobile devices, also getting several passwords to Amazon, PayPal and Yahoo accounts specifically created for the report so as to prove that the data could be obtained without risk to actual users. There are, thankfully, some protective measures that can be taken against drones like Snoopy, including shutting off automatic Wi-Fi connections, and requiring devices to actually ask before connecting to certain networks. This is a largely inconvenient way to go about things, but should prove fairly well protective against just such a tactic. The part that likely has many most concerned is that a drone is a comparatively unobtrusive device. It can operate well above a user's line of sight, and can take advantage of cover as needed, settling in over the top of a building temporarily, ducking behind treelines, or even just moving to where the user isn't looking at the time to stay almost completely hidden from view. That makes it impossible to tell where a drone is at any given time, and considering how quiet its engines can be, and what ranges at which it can operate, this means a quiet and extremely sneaky system that can grab data and be gone before anyone even realizes it was there. Some, like law enforcement, might call this useful, but many others would simply term it another and particularly pronounced invasion of privacy. Though there are protective measures that can be taken here, activating said protections can be difficult to regularly put in play, and even one slip with a drone like Snoopy could be disastrous. This is some very powerful technology, and it only remains to be seen just how far it will be put in use, or what kind of other protections will crop up to fight against it.