Forbes reports on the latest from this team, who uses the original Ardupilot as an autopilot:
At the Black Hat and Defcon security conferences in Las Vegas next week, Mike Tassey and Richard Perkins plan to show the crowd of hackers a year’s worth of progress on their Wireless Aerial Surveillace Platform, or WASP, the second year Tassey and Perkins have displayed the 14-pound, six-foot long, six-foot wingspan unmanned aerial vehicle. The WASP, built from a retired Army target drone converted from a gasoline engine to electric batteries, is equipped with an HD camera, a cigarette-pack sized on-board Linux computer packed with network-hacking tools including the BackTrack testing toolset and a custom-built 340 million word dictionary for brute-force guessing of passwords, and eleven antennae.
“This is like Black Hat’s greatest hits,” Tassey says. “And it flies.”
On top of cracking wifi networks, the upgraded WASP now also performs a new trick: impersonating the GSM cell phone towers used by AT&T and T-Mobile to trick phones into connecting to the plane’s antenna rather than their carrier, allowing the drone to record conversations and text messages on a 32 gigs of storage. A 4G T-mobile card routes the communications through voice-over-Internet or traditional phone connections to avoid dropping the call. “Ideally, the target won’t even know he’s being spied on,” says Tassey.
That GSM hack is based on a demonstration that security researcher Chris Paget performed at Defcon last year, showing that with a powerful enough antenna placed close enough to target phones, the victims’ handsets can be tricked into connecting to Paget’s setup instead of the carrier’s tower. Perkins and Tassey have implemented the same tools in their airborne hacking machine, and like Paget, used a portion of the radio frequency band set aside for Ham radios to avoid violating FCC regulations. They don’t plan to demonstrate the phone-hacking trick at the conference, and tested it only in isolated conditions to ensure their flying contraption wasn’t illegally eavesdropping on random strangers’ phones. “We want to make sure we’re not stepping on any cell providers’ toes,” says Tassey.
And why build a digital spy drone? Perkins, an Air Force contractor focused on cybersecurity who once owned a airplane hobby shop, and Tassey, an ex-Air Force consultant with Engineering Systems Solutions, say they wanted to demonstrate the vulnerability of government and corporate facilities to a nimble eavesdropping machine that can cover large distances and circle above a target. Though it requires remote control to take off and land, WASP can be set to fly a pre-programmed course once airborne and loiter around any chosen area. “We wanted to bring to light how far the consumer industry has progressed, to the point where public has access to technologies that put companies, and even governments at risk from this new threat vector that they’re not aware of,” says Perkins.
(via SUAS News)
Comments
@Stg Rick
That is one of Fred Marks (FMA Direct) target drones.
Mike Tassey and Richard Perkin have done an excellent job ... Kudos to them ..
However I have some reservations about the whole episode ...
@ionut and @Ritchie have already hit the nail on the head......
We all know the ability to intercept cell phones exists and there's no rocket science involved and we definitely don't need an aerial platform to do this. Even the hardware and software is available off the shelf ..... We must realize that air traffic is a very sensitive issue especially after the recent events. Such experiments by hobbyists and their abundant publicity will definitely cause concerned agencies to look at this hobby more critically. The implications are far reaching ... Once a blanket of "Security Threat" is thrown around this hobby we can all kiss our beautiful drones, planes, helies and all other Hobby UAVs goodbye, pack the up and hope that one day our grand children/ Great grand children may get to take them out.
I'm glad someone is with me on this. I was starting to get lonely.
Ethan, you're taking the words right out of my mouth!
You advance technology by improving on current technology. But if you refuse to look for problems in the current technology or ignore them, then it ceases to advance....
I think it's great work that these guys are doing!
@ionut
I don't think he specifically built this drone 'regarding a governmental flaw'. People are willing to spend their own hard-earned cash on the things they love to do. That's what all of us do here on DIY drones. We spend plenty of money building these drones because we enjoy it.
What would you consider "real value"? This team did not use any public funds in building this drone. Tassey and Perkins probably love to make and hack things up, so they made this security pen. testing drone because it was fun for them. I'm sure they get use out of it as they do work in the security industry. Being the one to say, "I helped advance things in the security realm" is an added bonus to doing fun things.
Would anyone on the ground have been even more concerned if they had noticed that the airframe is a Sukhoi?
Chuckle, chuckle.
There's nothing illegal about what their doing. They did all their testing in isolated areas. They broke no laws.
This is how security evolves--how it grows. This is most definitely a good thing. Someone tests a security flaw in an isolated lab where no one is harmed, then presents it to the people that need to know in order to fix the security flaw. You don't see information in that report on the technical details of how its done. They didn't release any plug-and-play tools to perform these exploits so script kiddies can wreak havoc. Just like in the article, they point it out saying this is possible and this is the concept behind it. It's up to those who are in charge of the security to implement fixes and train staff on this type of exploit.
Just like on anything, sweeping these scary subjects under the rug is more destructive than bringing it out to give the people in charge a chance to fix it. If they choose not to fix it, then it's negligence and its on their head.
This sort of stuff has been banded around and anyone in the business or with some savvy knows what can be done. This also means that they are smart enough to keep it quiet so they do not ruin other peoples fun. This is a horrid post and can only bring bad light to the hobby regardless of its technical side.
Wardriving was low profile until someone got jail time and this project is just giving more publicity to a part of the hobby that should never have publicity.