SensePost researchers Glenn Wilkinson and Daniel Cuthbert first released details of Snoopy at the 44Con conference in London in 2012. They described it as "a distributed tracking and profiling framework [that] allowed us to perform some pretty interesting tracking and profiling of mobile users through the use of WiFi."
Most people leave their devices on, and while they are on, the devices continually send out probes for local connections. "The reason for this appears to be twofold," wrote the researchers at the time; "(i) to find hidden APs [access points] (not broadcasting beacons) and (ii) to aid quick transition when moving between APs with the same name (e.g. if you have 50 APs in your organisation with the same name)." Those probes, however, are the weak point.
Snoopy runs client-side code on any Linux device supporting wireless monitor mode and packet injection. The researchers called these devices drones, and gave as examples the Nokia N900, the Alfa R36 router, the SheevaPlug, and the Raspberry Pi. The drones collect nearby devices' probe requests, which may name networks that the user has recently connected to, and mimic those networks. "If your device is probing for 'Starbucks', we'll pretend to be Starbucks, and your device will connect." Once that connection is made, Snoopy can listen in.
Data can be collected and sent back to a C&C server. Advantages include the ability to run nmap and Metasploit scans on the device, and little harm to the attacker "if the device is stolen, or captured by an adversary." The biggest weakness, however, is limited mobility for the drone.
Now the researchers are solving this by mounting their static drone on the other type of drone, a flying quadcopter, and are presenting details at this week's Black Hat Asia. "Installing the technology on drones creates a powerful threat because drones are mobile and often out of sight for pedestrians, enabling them to follow people undetected," notes CNN Money.
The obvious applications for the Snoopy drone are nefarious, but it also has value to law enforcement. In 2011 a series of riots in London became known as the BlackBerry riots because the rioters used mobile phones and devices to organize. "During a riot, a drone could fly overhead and identify looters, for example," suggests CNN Money, adding: "Users can protect themselves by shutting off Wi-Fi connections and forcing their devices to ask before they join networks."
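The probe behaviour described above can be audited from the defender's side. The following is an added example, not code from Snoopy or SensePost: it parses 802.11 probe frames, lists the network names each client leaks in directed probes, and flags any BSSID that answers for more names than expected. It assumes raw management frames with no radiotap header, a threshold of one SSID per BSSID, and sample frames that are constructed here rather than captured.

```python
from collections import defaultdict

PROBE_REQ, PROBE_RESP = 4, 5  # 802.11 management frame subtypes

def parse_probe(frame):
    """Return (subtype, sender, bssid, ssid) for a probe frame, else None."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (PROBE_REQ, PROBE_RESP):
        return None
    # Probe responses carry 12 fixed bytes before the tagged parameters.
    pos = 24 + (12 if subtype == PROBE_RESP else 0)
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            return None  # truncated element
        if tag == 0:  # SSID element
            ssid = value.decode("utf-8", "replace")
            return subtype, frame[10:16].hex(":"), frame[16:22].hex(":"), ssid
        pos += 2 + length
    return None

def analyse(frames, max_ssids=1):
    """Map clients to the names they leak; flag BSSIDs answering too many names."""
    leaked, answered = defaultdict(set), defaultdict(set)
    for parsed in filter(None, map(parse_probe, frames)):
        subtype, sender, bssid, ssid = parsed
        if subtype == PROBE_REQ and ssid:  # empty SSID is a wildcard probe
            leaked[sender].add(ssid)
        elif subtype == PROBE_RESP and ssid:
            answered[bssid].add(ssid)
    suspects = {b: s for b, s in answered.items() if len(s) > max_ssids}
    return dict(leaked), suspects

def build(subtype, src, bssid, ssid, dst=b"\xff" * 6):
    # Constructed sample frame (no radiotap header), not a real capture.
    body = ssid.encode()
    hdr = bytes([subtype << 4, 0, 0, 0]) + dst + src + bssid + b"\x00\x00"
    fixed = b"\x00" * 12 if subtype == PROBE_RESP else b""
    return hdr + fixed + bytes([0, len(body)]) + body

CLIENT, ROGUE, HOME = (bytes.fromhex(h) for h in
                       ("020000000001", "0200000000aa", "0200000000bb"))
SAMPLE = [build(PROBE_REQ, CLIENT, b"\xff" * 6, s) for s in ("Starbucks", "HomeNet", "")]
SAMPLE += [build(PROBE_RESP, ROGUE, ROGUE, s, CLIENT) for s in ("Starbucks", "HomeNet")]
SAMPLE += [build(PROBE_RESP, HOME, HOME, "HomeNet", CLIENT)]

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

On the sample data the client is shown leaking two network names, and the one BSSID that claims to be both of them is flagged while the access point answering only for its own name is not.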