WarFlying: UAVs and Wi-Fi Hacking

31 03 2012

by Michael Timko

Drone Proliferation and the DIYer

RC helicopters and planes have been a DIY hobby for years.  But this area has gained much momentum lately with research being done at major universities in smarming quadcopters and small autonomous planes. [1][2] Unmanned Aerial Vehicles are no longer just the purview of the military and are becoming very common.  As the proliferation of drones in the US grows and with the approval of recent FAA legislation to open up the National Air Space (NAS), there will be continued growth in both the hobby area as well as private sector. [3] The potential for aerial hacking will only increase as parts become less expensive and easy to obtain and thereby enabling another method of hacking.  The area of small UAVs has grown from a simple DIY hobby to actual companies offering sophisticated devices capable of carrying payloads and flying for relatively long periods of time.  While many will use these devices for simple recreation or even as an aerial photographer for realtors, others will no doubt use them to invade your privacy with their on-board cameras. [4] There is very active discussion about public and civilian UAVs using cameras and violating the average citizens privacy which in itself is a lengthy discussion.  My concern goes one step further…WarFlying.

A Little Bit of History

Many are familiar with the term “war-driving”, which is a derivation of the term war-dialing coined from the movie War Games. [5]  This is the activity of driving around searching for Wi-Fi networks that are unsecured and open for attack.  Hackers will do anything ranging from simply using your Internet connection for their benefit to stealing personal information.  The Internet is rife with how-to websites that give you step-by-step instructions on how to access personal networks and where to obtain the parts. [6] Originally designed to detect and intercept unsecured or WEP protected networks, this form of attack is now being used on WPA/WPA2 as well. [7]  No longer relegated to just the ground anymore, hacking has taken to the skies with war-flying.  At least as far back as 2002, in Australia, a hobbyist was able to fly at an altitude of 1,500 feet and capture emails and IRC communication. [5] These systems were either open or WEP secured, but what proved to be more of an issue, was the availability of picking up signals above the buildings at such a distance since there were no obstacles.

To the Forefront – the Good and the Bad

Recently, two men working on a hobby project of their own used a surplus military drone and easily obtainable parts to outfit their own aerial snooper.  Dubbed the WASP for Wireless Aerial Surveillance Platform, this UAV can intercept cell phone calls by spoofing a cell tower. [8] The duo spent around $6,000 to outfit the UAV with interchangeable parts that allowed for various types of spying.  They were also able to offload much of the intensive processing to ground based PCs using 3G Internet connection to speed up the hacking. [9] The WASP falls under the regulations that require it to fly under 400 feet and be in the line of sight, but with legislation changes – this limit will be changing. [10]

One part of the duo is a security consultant to Wall Street and the intelligence community.  Their goal was more a proof of concept but it is easy to see how this can be something that the malicious DIYer can exploit.  The hobby area of RC aircraft has blossomed as evidenced by the activity on just one website RCGROUPS.COM.  There are sections devoted to UAVs and to autonomous behavior, as well as obtaining inexpensive parts.   While this is an area that could provide a public service in the case of an emergency by relaying communication, it unfortunately opens up a much more nefarious opportunity for those wanting to do wrong.

Not only are people at risk of having their personal information intercepted, but corporations are at risk to a new form of Intellectual Property theft.  Companies do risk assessment to make sure they are protecting all of their assets, but by flying overhead and intercepting cell phone calls or network traffic, the very heart of what makes the organization a success can be in jeopardy.  Securing the airspace over a facility rarely enters the decision planning for risk assessment, but this is another area to consider.

It’s a Bird, It’s a Plane…Could be Both

No longer do we keep a look out for that suspicious vehicle driving around our neighborhood or place of work, but now the skies are open season for hackers too.  What could appear to be a small bird or harmless RC helicopter could be the next invasion to our electronic security. While we can do much to safeguard our networks, it is important to be aware of these threats and work to mitigate the vulnerabilities.

________________

[1] “Flying Robot Swarms the Future of Search and Rescue (4:05)”, https://www.grasp.upenn.edu/

[2] “Robust Real-Time SFM for SMAV”, http://www.cs.cmu.edu/~msuav/research.html

[3] “U.S. House and Senate Pass FAA Bill, Setting Requirements for UAS to Fly in the National Airspace
The bill awaits President Obama’s signature “, http://www.auvsi.org/auvsi/news

[4] “Warning from the LAPD–do not use UAVs commercially!”,  http://www.diydrones.com/profiles/blogs/warning-from-the-lapd-do-not-use-uavs-for-commercial-use

[5] “War flying: Wireless LAN sniffing goes airborne”, http://www.computerworld.com/s/article/73901/War_flying_Wireless_LAN_sniffing_goes_airborne

[6] “Become a War Driving Pro – Hack WEP and Wifi”, http://hacknmod.com/hack/become-a-war-driving-pro-hack-wep-and-wifi/

[7] “Cracking WPA in 10 Hours or Less”, http://www.devttys0.com/2011/12/cracking-wpa-in-10-hours-or-less/

[8] “DIY Spy Drone Sniffs Wi-Fi, Intercepts Phone Calls”, http://www.wired.com/threatlevel/2011/08/blackhat-drone/

[9] “War-flying with a Wi-Fi-sniffing drone”, http://blogs.computerworld.com/16767/war_flying_with_a_wi_fi_sniffing_drone

[10] “5 things you need to know about Drones”,  http://www.pbs.org/wnet/need-to-know/five-things/drones/12659/

Advertisements

Actions

Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




%d bloggers like this: