Hacker drone launches airborne cyber attacks

Aug 06, 2011 by Glenn Chapman

Computer security specialists showed off a homemade drone aircraft Friday capable of launching airborne cyber attacks, hijacking mobile phone calls, or even delivering a dirty bomb.

Rich Perkins and Mike Tassey built the bright yellow Wireless Arial Surveillance Platform in a garage from a used US Army target that they customized to find mobile phones and Internet hotspots.

"It will fly a plotted course and return to base," Perkins said while showing the WASP to AFP at a DefCon hackers gathering in Las Vegas.

"We loaded it up with the ability to attack Wi-Fi, Bluetooth, and GSM ."

WASP can grab packets of data being sent over the air on wireless networks, or use unsecured hot spots as gateways through which can be launched on computer systems.

The drone can grab GMS identification numbers that can then be used to bill outgoing calls. It can also let hackers impersonate cell phone towers and eavesdrop on people's calls.

Second-hand drones such as that used for WASP can be bought online for about $150.

The rest of the parts were purchased by mail-order for a total tab reaching $6,200, not counting the tremendous number of hours spent working on the project started in 2009.

Perkins said the 14-pound (six-kilogram) drone was built to put the computer security industry on notice that the components are available for such "do-it-youself" creations, which could be used for good or evil.

WASP could find mobile phones in disaster areas, potentially leading rescuers to survivors. It could also fly over a disaster zone to act as a mobile phone tower enabling calls.

On the evil side, WASP could help slip into a company's computer networks through unsecured wireless networks set up in cafeterias or other spots for the convenience of customers and employees.

The modified drone could also identify key executives by their mobile telephones and then track their movements to look for data-stealing opportunities, such as working on a laptop connected wirelessly to the Internet at a cafe.

"I can take the various pieces of your digital life -- Bluetooth headset, cell phone, Wi-Fi -- and find the least secure place you exist and attack you there," Perkins said of WASP.

Such a drone could also carry a small payload, opening up the potential for smugglers to use it or to serve as a targeted biological or nuclear weapon in a terror attack, its creators warned.

"I really fear a policy reaction that stifles research," Perkins said.

"Let's look at how to protect from the bad guys doing the same thing without telling us," he urged.

Perkins and Tassey displayed their creation to security industry professionals here for a major Black Hat conference this week before taking it to DefCon, the world's largest hacker gathering that kicked off Friday.

Authorities wouldn't permit WASP to fly over populated areas such as Las Vegas, but video taken from the drone during a flight over a rural area in the United States was posted online at rabbit-hole.org.

Explore further: Hand out money with my mobile? I think I'm ready

add to favorites email to friend print save as pdf

Related Stories

Mini drone and iPhone take video games to real world

Jan 17, 2010

Drones have become synonymous with US military strikes in hotspots like Afghanistan. But now a French firm has built a mini version piloted by an iPhone that brings video games to the streets.

A drone for security and safety (w/Video)

May 29, 2009

(PhysOrg.com) -- European researchers have developed a small robotic drone capable of helping save lives in emergency situations or preventing terrorist attacks in urban areas.

Recommended for you

Hand out money with my mobile? I think I'm ready

Apr 17, 2014

A service is soon to launch in the UK that will enable us to transfer money to other people using just their name and mobile number. Paym is being hailed as a revolution in banking because you can pay peopl ...

Quantenna promises 10-gigabit Wi-Fi by next year

Apr 16, 2014

(Phys.org) —Quantenna Communications has announced that it has plans for releasing a chipset that will be capable of delivering 10Gbps WiFi to/from routers, bridges and computers by sometime next year. ...

Tech giants look to skies to spread Internet

Apr 16, 2014

The shortest path to the Internet for some remote corners of the world may be through the skies. That is the message from US tech giants seeking to spread the online gospel to hard-to-reach regions.

Wireless industry makes anti-theft commitment

Apr 16, 2014

A trade group for wireless providers said Tuesday that the biggest mobile device manufacturers and carriers will soon put anti-theft tools on the gadgets to try to deter rampant smartphone theft.

Dish Network denies wrongdoing in $2M settlement

Apr 15, 2014

The state attorney general's office says Dish Network Corp. will reimburse Washington state customers about $2 million for what it calls a deceptive surcharge, but the satellite TV provider denies any wrongdoing.

Netflix's Comcast deal improves quality of video

Apr 14, 2014

Netflix's videos are streaming through Comcast's Internet service at their highest speeds in the past 17 months now that Netflix is paying for a more direct connection to Comcast's network.

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

not rated yet Aug 06, 2011
When will people learn everything we use which acts as a force multiplier is multipurpose. Early stone throwing humans probably turned them on each other.

Everything except nail clippers, I've never heard of nail clippers being used offensively. Yet I'm allowed to carry 30 pens on an airplane.
not rated yet Aug 06, 2011
Ah, but it's not the clipper part that's so fearsome -- it's the sharp-tipped nail file that's attached, you see. (Actually, one could cause some painful and bloody -- possibly even fatal -- wounds, even with a "blade" as small as that. It would not be very easy, however.)
not rated yet Aug 06, 2011
So our wonderful tool that allows us to be so lazy (the Internet in all its modes) may inflict bigger bites on our bums than it currently does through ID fraud.
Perhaps in areas where greater safety is required we may need to resort to non electronic means.
Back to the Future.

More news stories

Airbnb rental site raises $450 mn

Online lodging listings website Airbnb inked a $450 million funding deal with investors led by TPG, a source close to the matter said Friday.

Health care site flagged in Heartbleed review

People with accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the ...