Computer security
specialists showed off a homemade drone aircraft Friday capable of
launching airborne cyber attacks, hijacking mobile phone calls, or even
delivering a dirty bomb.
Rich Perkins and Mike Tassey built the bright yellow Wireless Arial Surveillance Platform in a garage from a used US Army target drone that they customized to find mobile phones and Internet hotspots.
“It
will fly a plotted course and return to base,” Perkins said while
showing the WASP to AFP at a DefCon hackers gathering in Las Vegas.
“We loaded it up with the ability to attack Wi-Fi, Bluetooth, and GSM cellular networks.”
WASP
can grab packets of data being sent over the air on wireless networks,
or use unsecured hot spots as gateways through which cyber attacks can
be launched on computer systems.
The drone can grab GMS mobile phone identification
numbers that can then be used to bill outgoing calls. It can also let
hackers impersonate cell phone towers and eavesdrop on people’s calls.
Second-hand drones such as that used for WASP can be bought online for about $150.
The
rest of the parts were purchased by mail-order for a total tab reaching
$6,200, not counting the tremendous number of hours spent working on
the project started in 2009.
Perkins said the 14-pound (six-kilogram) drone was built to put the computer security industry on notice that the components are available for such “do-it-youself” creations, which could be used for good or evil.
WASP
could find mobile phones in disaster areas, potentially leading
rescuers to survivors. It could also fly over a disaster zone to act as a
mobile phone tower enabling calls.
On the evil side, WASP could
help slip into a company’s computer networks through unsecured wireless
networks set up in cafeterias or other spots for the convenience of
customers and employees.
The modified drone could also identify
key executives by their mobile telephones and then track their movements
to look for data-stealing opportunities, such as working on a laptop
connected wirelessly to the Internet at a cafe.
“I can take the
various pieces of your digital life — Bluetooth headset, cell phone,
Wi-Fi — and find the least secure place you exist and attack you there,”
Perkins said of WASP.
Such a drone could also carry a small
payload, opening up the potential for smugglers to use it or to serve as
a targeted biological or nuclear weapon in a terror attack, its
creators warned.
“I really fear a policy reaction that stifles research,” Perkins said.
“Let’s look at how to protect from the bad guys doing the same thing without telling us,” he urged.
Perkins
and Tassey displayed their creation to security industry professionals
here for a major Black Hat conference this week before taking it to
DefCon, the world’s largest hacker gathering that kicked off Friday.
Authorities
wouldn’t permit WASP to fly over populated areas such as Las Vegas, but
video taken from the drone during a flight over a rural area in the
United States was posted online at rabbit-hole.org.
No comments:
Post a Comment