DIY aerial drone monitors Wi-Fi, GSM networks

Passwords cracked on the fly


Defcon Hobbyist hackers have built a DIY flying spy drone that's capable of intercepting communications over remote Wi-Fi and cellular networks and beaming them to snoops located half a world away.

Short for wireless aerial surveillance platform, the WASP is equipped with a battery of off-the-shelf hacking tools that can secretly hover over unsuspecting targets and infiltrate their networks. A 4G cellular connection links it to a back-end server that allows operators to control its operations and monitor its sensors in realtime.

All of the tools have been around for years, or even decades. What makes WASP novel is their all-in-one packaging in a 14-pound plane that can penetrate a target's geographical boundaries to tap a variety of electronic sources.

“Our goal was to take all these things, Black Hat and Defcon's greatest hits, and to put them in a target remotely from a long way away and offer it to a distributed user base,” Mike Tassey, one of the creators of WASP, said at the Defcon hacker conference in Las Vegas on Friday. “The idea was to illuminate the idea that old dogs have plenty of tricks left in them.”

WASP flying spy drone

WASP flying spy drone at the Defcon hacker conference (click to enlarge)

Styrofoam WASP

WASP is made mostly of styrofoam (click to enlarge)

At 27 inches high and 76 inches long, WASP can reach altitudes of 22,000 feet. It's equipped with a small computer running BackTrack 5, a penetration-testing tool that contains more than 500 separate components for hacking wireless networks, voice-over IP servers and other sensitive systems. It also contains hardware for spoofing GSM base stations that can intercept cellphone conversations of people in the vicinity.

Additional kit monitors communications sent over Bluetooth frequencies and data sent by RFID devices.

WASP connects to a control server through a secure VPN channel that's equipped with additional gear. A GPU from Nvidia can take a four-way handshake sniffed from the drone's wireless card to brute-force the WPA password, trying more than 350 million possible phrases in less than five hours. The back-end server also connects to a real GSM network, so the controllers can monitor calls in progress between a target on the ground and whoever is on the other end.

WASP, which is further described here, cost about $62,000 $6,200 to build and takes about 30 minutes for someone to learn how to fly.

“We really tried hard to make sure everything is above board, so when government agencies look at it everything is OK,” said Rich Perkins, the other creator of WASP. But he admits: “In the wrong hands, it could do a metric shit ton of evil.” ®


Other stories you might like

  • California state's gun control websites expose personal data
    And some of it may have been leaked on social media

    A California state website exposed the personal details of anyone who applied for concealed-carry weapons (CCW) permits between 2011 and 2021.

    According to the California Department of Justice, the blunder happened earlier this week when the US state's Firearms Dashboard Portal was overhauled.

    In addition to that portal, data was exposed on several other online dashboards provided the state, including: Assault Weapon Registry, Handguns Certified for Sale, Dealer Record of Sale, Firearm Safety Certificate, and Gun Violence Restraining Order dashboards. 

    Continue reading
  • Firefox kills another tracking cookie workaround
    URL query parameters won't work in version 102 of Mozilla's browser

    Firefox has been fighting the war on browser cookies for years, but its latest privacy feature goes well beyond mere cookie tracking to stop URL query parameters.

    HTML query parameters are the jumbled characters that appear after question marks in web addresses, like website.com/homepage?fs34sa3aso12knm. Sites such as Facebook and HubSpot use them to track users when links are clicked, and other websites like YouTube use them to enable certain site features too.

    On June 28, Firefox 102 released a feature that enables the browser to "mitigate query parameter tracking when navigating sites in ETP strict mode." ETP, or enhanced tracking protection, encompasses a variety of Firefox components that block social media trackers, cross-site tracking cookies, fingerprinting and cryptominers "without breaking site functionality," says Mozilla's ETP support page.

    Continue reading
  • India extends deadline for compliance with infosec logging rules by 90 days
    Helpfully announced extension on deadline day

    Updated India's Ministry of Electronics and Information Technology (MeitY) and the local Computer Emergency Response Team (CERT-In) have extended the deadline for compliance with the Cyber Security Directions introduced on April 28, which were due to take effect yesterday.

    The Directions require verbose logging of users' activities on VPNs and clouds, reporting of infosec incidents within six hours of detection - even for trivial things like unusual port scanning - exclusive use of Indian network time protocol servers, and many other burdensome requirements. The Directions were purported to improve the security of local organisations, and to give CERT-In information it could use to assess threats to India. Yet the Directions allowed incident reports to be sent by fax – good ol' fax – to CERT-In, which offered no evidence it operates or would build infrastructure capable of ingesting or analyzing the millions of incident reports it would be sent by compliant organizations.

    The Directions were roundly criticized by tech lobby groups that pointed out requirements such as compelling clouds to store logs of customers' activities was futile, since clouds don't log what goes on inside resources rented by their customers. VPN providers quit India and moved their servers offshore, citing the impossibility of storing user logs when their entire business model rests on not logging user activities. VPN operators going offshore means India's government is therefore less able to influence such outfits.

    Continue reading

Biting the hand that feeds IT © 1998–2022