Seven months ago, Ars documented CreepyDOL, a low-cost, distributed network of Wi-Fi sensors that stalks smartphone-toting people as they move about neighborhoods or even entire cities. As each node is small enough to be slipped into an overlooked nook at the nearby gym, cafe, or break room, the system can assemble a shockingly detailed dossier of personal data, including the schedules, e-mail addresses, personal photos, and current or past whereabouts of the person or people it monitors.

Now, CreepyDOL—short for Creepy Distributed Object Locator—is about to be outdone by a newly updated DIY stalker device that has the potential to collect orders of magnitude more data from people. Dubbed Snoopy, it can track not only Wi-Fi, but also signals based on radio frequency identification (RFID) and the Bluetooth and 802.15 specifications. Combined with a GPS card that correlates signals to the location where they're detected, the capabilities let Snoopy spy not only on phones, tablets, and computers, but also, potentially, on pacemakers, fitness bracelets, smartcards, and other electronics. Plus, the geographically aware Snoopy can also be mounted on a low-cost aerial drone so it can locate and maintain radio contact even when subjects are on a morning run or situated in a high-rise building, a country inn, or some other out-of-the way location.

The researchers behind an earlier version of Snoopy that tracked only Wi-Fi signals have already used it to track more than 42,000 unique devices during a single 14-hour experiment in 2012 at the King's Cross train station in London. They have also unleashed Snoopy in a variety of other environments over the past two years, including at several security conferences. By taking careful notice of the Wi-Fi networks the devices have previously accessed (and continue to search for), the researchers were able to detect likely relationships among users. Four devices that hailed an SSID that the researchers geolocated to a London branch of one of the UK's largest banks, for instance, were presumed to belong to coworkers of the financial institution.

Digital terrestrial footprint

It was also possible to know if any devices within range of Snoopy had previously visited other monitored locations. Using Snoopy at a Black Hat 2013 conference, for instance, the researchers were able to discover four phones belonging to their fellow coworkers, based solely on the wireless networks the devices were trying to locate. The ability of Snoopy to cross-reference signals observed from multiple phones on multiple occasions will no doubt improve with its newfound ability to glide from one location to another. And the newly acquired capability to read Bluetooth, RFID, and 802.15 signals—some that often advertise themselves with names such as Dan Goodin's MacBook Pro—also promises to give Snoopy the means to track a more complete sum of our electronic outputs, something the researchers dub our "digital terrestrial footprint."

"All of us, as we wander around through life, carry technology with us, be it a smartphone, an NCS smartcard, or a pacemaker or fitness bracelet," Glenn Wilkinson, the lead security analyst at security firm SensePost and one of the creators of Snoopy, told Ars. "All these devices emit some signal, be it Wi-Fi, GSM, Bluetooth. What I'm trying to do is find a way to uniquely identify people based on the signal they're emitting."

Wilkinson and SensePost COO Daniel Cuthbert are scheduled to demo the new and improved Snoopy on Friday at the Black Hat 2014 security conference in Singapore. Their presentation will include the software and hardware schematics, not only for a Wi-Fi-, Bluetooth-, and GPS-enabled snooping device, but also for a remotely controlled aerial drone equipped with two video cameras. The talk, which they say is intended to show the darker side of our reliance on electronics, is titled The Machines that Betrayed their Masters.

The main hardware component driving Snoopy is a BeagleBone Black, a low-power, open-source computer that's about the size of a credit card. Other components include a:

SanDisk 8GB Class 10 SD card

USB hub

5.5 x 1.2 mm 1 female to 2 male splitter

5V2A power supply

Huawei E160 (with SIM card)

Example peripherals that can be connected include:

Alfa AWUS036H (Wi-Fi)

Ubertooth (Bluetooth)

RFidler (RFID)

Bluenext-BN903S (GPS)

XBee radio (802.15)

The aerial drone currently comprises a DJI F450 quadcopter with two onboard cameras, one made by GoPro for collecting high-definition images and a separate first-person-view cam to stream live video. It can fly for about 20 minutes before needing to be recharged. A fixed wing craft could extend flying time into hours.

Real-time snooping

The software includes all the code needed to control the various hardware components, including capturing radio signals and storing them on local hard drives. Written in Python, the Snoopy software also includes functions that allow individual nodes to use Wi-Fi, GSM, or 802.15 signals to connect to attacker-operated command and control servers, which can send commands to the devices and receive the collected data so it's all stored and analyzed in one place.

"The data collection is distributed, so you can scatter drones over the whole of New York, say," Wilkinson explained. "They all collect this data in real time and send it back to the central server. So when someone enters the subway, you know that they're there. Ten minutes later, they exit the subway [and] you notice their next location. You can track them in real time."

Another option that could prove useful for surveillance in out-of-the-way locations with no reliable way connect to control servers is is to stash Snoopy nodes there and then periodically fly a separate Snoopy device overhead to receive data collected by the ground-based node. Wilkinson said Snoopy could also be programmed to destroy data in the event that one of the nodes is discovered. The self-destruct capability could be triggered by an on-board accelerometer that detects when the device is unexpectedly picked up or moved.

I know who you had to dinner last night

As Wilkinson and Cuthbert have already demonstrated with earlier results, Snoopy has a creepy ability to collect a dizzying array of data, such as unique device IDs, including their changing locations, the Wi-Fi access points the devices hail, and unencrypted data carried in their radio signals. Once the data is collected and stockpiled, virtually all of it can cross-referenced to reveal key details about the users, including their employers and friends, and possibly names and addresses. To make it easier to find relationships, the data can be visualized using Maltego or similar software.

"What's nice is this pulls all the data together and allows you to explore it over time," Wilkinson said. "So if you drop the Snoopy drone in your house, you can explore the data over time and figure out when your neighbors have guests and how long they stayed—and where else they visited, if you have some drones in other people's houses, for example."

Of course, there's also the potential for Snoopy to read any intercepted traffic that's not encrypted as it travels between end users and Internet servers, including passwords in some cases. Even when monitored data doesn't include login credentials, it still may include user names, home pages, or other data that can be cross-referenced with a unique hardware identifier and previously accessed SSIDs to provide clues about the person using the device. People who want to protect themselves against Snoopy and similar electronic stalking devices should turn off Wi-Fi and Bluetooth capabilities when they're not needed, especially when located in highly public places. Clearing lists of preferred Wi-Fi networks is also worth considering. Those who are concerned about data leaked by RFID- and NFC-enabled devices should keep them in faraday cage bags. Use of a virtual private network is also a good idea.

The research pair first envisioned Snoopy more than two years ago to underscore how much data could be gathered by a collection of devices that are within the capability and budget of a die-hard hobbyist. With a price tag of under $200 for the Snoopy spying node and $1,650 for the optional flying drone, the resulting proof-of-concept is even more instructive in the post-Snowden world that has since emerged. If Snoopy is the product of a researcher duo working in their spare time, just think what the National Security Agency, GCHQ of the UK, or Israel's Mossad can do.