Aerial Drone Sniffs, Attacks Wireless Networks at Black Hat

By Fahmida Y. Rashid  |  Posted 2011-08-04

Two security researchers demonstrated how to outfit a radio-controlled model airplane with a computer and 4G connectivity to create a nearly undetectable aerial hacking device.

Mike Tassey and Richard Perkins released the specifications for Wireless Aerial Surveillance Platform that can attack systems from air on Aug. 4 at the annual Black Hat security conference in Las Vegas. The plane the duo brought on stage was capable of wireless network sniffing and cracking, cell tower spoofing, cell phone tracking and call interception, data exfiltration and video surveillance.

Let's review that again. It can fly through the air on near-silent electric engines, snoop quietly on wireless networks and attack them. It can pretend to be a GSM cellphone tower to eavesdrop on calls and text messages that pass through. If it couldn't get into a secured office wireless network, it could follow an employee out the building to a different location and trick the employee to connect to the drone and intercept all online activity, Tassey said.

"There is some really evil stuff you can do from the sky," Tassey said.

Built on top of a surplus Army target drone Perkins happened to have lying around in his basement, Tassey and Perkins added multiple wireless antenna, a microcomputer loaded with a GPS tracking system, wireless sniffing tools and the Backtrack 5 penetration testing software. The attack plane is controlled by a base station that has a 4G wireless dongle connecting with Google Earth and an open-source autopilot software installed.

The base station streams data gathered by the penetration testing and sniffing tools over a VPN connection to a PC somewhere on the ground. The data can be sent to multiple PCs if necessary. It can stay aloft for about an hour.

"We can identify a target by his cell phone and follow him home to where enterprise security doesn't reach," said Perkins, adding, "We can reverse-engineer someone's life." Tassey and Perkins said they built WASP only to show how cheap and easy it can be to snoop and attack, and have no plans to make money off the plane or to actually launch any attacks.

WASP still requires some work and initial investment, according to Tassey and Perkins. Created completely with off-the-shelf equipment and open-source software, the team spent more than 1,300 hours building, testing and refining the attack plane. The price tag, at $6,190, is a fraction of the cost of a spy plane.

Rocket Fuel