How to spy on your neighbors with an unmanned aerial vehicle

Two do-it-yourself hackers have built an unmanned aerial vehicle that they can use to spy on computer networks from above. Created on a lark as an intellectual curiosity, the project shows that it’s not that hard to create a low-cost UAV that could do some serious damage to your neighbor’s privacy.

Security researchers Richard Perkins (pictured in purple) and Mike Tassey (in black) told an audience at the Black Hat security conference in Las Vegas how they created the mini spy plane for just a few thousands of dollars. They jokingly called their talk the “Aerial Cyber Apocalypse” and refer to their cyber attack method as “war flying.”

It may sound crazy, but the project shows that it’s not that hard to create one more vector for compromising the security of computer networks — a vector that comes from above the networks and is not likely to be anticipated by anyone who is targeted by it. It’s also one more example of the free-wheeling environment at Black Hat, where security researchers are encouraged to broach whimsical and uncomfortable topics.

The system uses an old foam-based U.S. Army drone airframe (FMQ-117B) that can carry less than 20 pounds altogether. Perkins, a hobbyist collector, had one of these in his basement.

“Doesn’t everyone have one of these at home?” Perkins joked.

The yellow drone (pictured) has wireless hardware on board to capture signals from Wi-Fi networks and then relay them to someone with a remote control unit on the ground. The drone can also imitate the actions of a cell phone tower and hack into cell phone calls (this is not legal, so the researchers did not actually demonstrate this capability onstage).

“This can give hackers direct access to otherwise inaccessible targets,” Tassey said. “They can converge in real-time behind an airplane and penetrate the security of a physical location. No one is looking at the sky.”

Perkins and Tassey controlled the system with a remote control and a Wi-Fi connection. On the ground, they processed data with a generic Intel-based PC with a 3.06 gigahertz processor, 4 gigabytes of main memory, a 500 gigabyte hard drive, and an Nvidia CUDA-based GTX 470 graphics chip.

The GPS transmitter on the drone sends telemetry data via a download link to the base station on the ground, and also enables the ground-based controller to upload flight commands.

In a video, they showed the UAV flying around 500 feet off the ground. It makes a little bit of a buzzing sound but they say you can’t hear it from more than 50 feet away.  The airframe was free for them but is available for sale on eBay usually for a few hundred dollars. All told, the researchers spent $6,190 on the project, plus hundreds or thousands of hours of their time.

To target a network, the two send the drone into the air, have it monitor a Wi-Fi network from above, capture the data flowing through that network, and then send the data back to the computer on the ground. They can hack a secure Wi-Fi network with brute force techniques and come up with a password in about 4.5 hours.

In addition, the system can do recon on unencrypted wireless networks, eavesdrop on calls or jam cellular signals and reroute dialed numbers from a cell phone. The device could be used to spy on sensitive national areas, like the secret Area 51 military base in Nevada. Of course, that’s not legal.

“We can follow a target home from a place of work,” Perkins said. “Instead of calling 911, we could redirect your call so you’re calling me. You can customize this to the mission that you want.”

The device could also be used for good. You could, for instance, create an ad-hoc cell phone site in the air to provide service to a disaster area. It could also be used for search and rescue tasks or law enforcement and border protection. The military already uses drones for intelligence purposes.

Tassey said that terrorists could also use this kind of technology to build a fleet of UAVs that could do some serious damage with them. The researchers say that their project isn’t meant to give those people ideas; it’s aimed at raising awareness of the risks that exist.

In one test, the researchers said they detected 50 wireless networks. The Federal Aviation Administration requires that unmanned aircraft fly lower than 400 feet, but the drone that the men created is capable of flying up to 22,000 feet high.

“If we can do this, then the bad guys can do it and they won’t tell you about it,” Perkins said. “You don’t need a Ph.D. from MIT to do this.”

0 comments