Digital death rains from above! A pair of security researchers have turned a surplus U.S. Army drone plane into an airborne hacking platform that infiltrates Wi-Fi networks, intercepts cellphone calls, and even launches denial-of-service (DOS) attacks, according to media reports from the Black Hat security conference in Las Vegas.
Mike Tassey and Richard Perkins, security consultants to Wall Street firms and the U.S. intelligence community, built their Wireless Aerial Surveillance Platform (WASP) drone "as a proof of concept to show what criminals, terrorists and others might also soon be using for their nefarious activities," according to Wired.
Building on a concept originally demonstrated at last year's DefCon hacker conference by Chris Paget, the WASP drone's hacking toolkit includes an IMSI catcher and antenna that can impersonate a cellphone base station. Simply flip the switch and nearby cellphones are tricked into routing outbound calls through the WASP instead of through legit, commercial cell towers.
The WASP's cell tower spoof can even be used to intercept encrypted calls, tricking cellphones into disabling encryption and then either redirects call or records them using VoIP before they're routed to the intended receiver, according to Wired.
The drone can also use jamming signals to conduct DOS attacks on data providers, sniff out nearby wireless networks, and includes in its manifest "a dictionary of 340 million words for brute-forcing network passwords."
Tassey and Perkins said they built the WASP for $6,000, converting a surplus FMQ-117B U.S. Army target drone that runs quietly enough to patrol the skies unobtrusively from the FAA-mandated 400-foot ceiling at which it can legally fly (see video below of a test flight).
Perhaps the theoretical black hats who might want a WASP of their own wouldn't be as concerned about following FAA rules. But the remote-control drone still needs to be within line-of-sight for manually controlled take-offs and landings—though Tassey and Perkins said the WASP can be put on auto-pilot while in flight on a pre-determined course if it's programmed with GPS coordinates and Google maps.
The researchers said malicious hackers could easily build their own aerial hacking platforms, but that the WASP could be used for beneficial purposes as well, such providing emergency cellphone service in areas affected by a disaster.
Drone Plane Converted to Airborne Hacking Platform at Black Hat | News & Opinion | PCMag.com
Mike Tassey and Richard Perkins, security consultants to Wall Street firms and the U.S. intelligence community, built their Wireless Aerial Surveillance Platform (WASP) drone "as a proof of concept to show what criminals, terrorists and others might also soon be using for their nefarious activities," according to Wired.
Building on a concept originally demonstrated at last year's DefCon hacker conference by Chris Paget, the WASP drone's hacking toolkit includes an IMSI catcher and antenna that can impersonate a cellphone base station. Simply flip the switch and nearby cellphones are tricked into routing outbound calls through the WASP instead of through legit, commercial cell towers.
The WASP's cell tower spoof can even be used to intercept encrypted calls, tricking cellphones into disabling encryption and then either redirects call or records them using VoIP before they're routed to the intended receiver, according to Wired.
The drone can also use jamming signals to conduct DOS attacks on data providers, sniff out nearby wireless networks, and includes in its manifest "a dictionary of 340 million words for brute-forcing network passwords."
Tassey and Perkins said they built the WASP for $6,000, converting a surplus FMQ-117B U.S. Army target drone that runs quietly enough to patrol the skies unobtrusively from the FAA-mandated 400-foot ceiling at which it can legally fly (see video below of a test flight).
Perhaps the theoretical black hats who might want a WASP of their own wouldn't be as concerned about following FAA rules. But the remote-control drone still needs to be within line-of-sight for manually controlled take-offs and landings—though Tassey and Perkins said the WASP can be put on auto-pilot while in flight on a pre-determined course if it's programmed with GPS coordinates and Google maps.
The researchers said malicious hackers could easily build their own aerial hacking platforms, but that the WASP could be used for beneficial purposes as well, such providing emergency cellphone service in areas affected by a disaster.
Drone Plane Converted to Airborne Hacking Platform at Black Hat | News & Opinion | PCMag.com
