DIY aerial drone monitors Wi-Fi, GSM networks

Passwords cracked on the fly

Defcon Hobbyist hackers have built a DIY flying spy drone that's capable of intercepting communications over remote Wi-Fi and cellular networks and beaming them to snoops located half a world away.

Short for wireless aerial surveillance platform, the WASP is equipped with a battery of off-the-shelf hacking tools that can secretly hover over unsuspecting targets and infiltrate their networks. A 4G cellular connection links it to a back-end server that allows operators to control its operations and monitor its sensors in realtime.

All of the tools have been around for years, or even decades. What makes WASP novel is their all-in-one packaging in a 14-pound plane that can penetrate a target's geographical boundaries to tap a variety of electronic sources.

“Our goal was to take all these things, Black Hat and Defcon's greatest hits, and to put them in a target remotely from a long way away and offer it to a distributed user base,” Mike Tassey, one of the creators of WASP, said at the Defcon hacker conference in Las Vegas on Friday. “The idea was to illuminate the idea that old dogs have plenty of tricks left in them.”

WASP flying spy drone

WASP flying spy drone at the Defcon hacker conference (click to enlarge)

Styrofoam WASP

WASP is made mostly of styrofoam (click to enlarge)

At 27 inches high and 76 inches long, WASP can reach altitudes of 22,000 feet. It's equipped with a small computer running BackTrack 5, a penetration-testing tool that contains more than 500 separate components for hacking wireless networks, voice-over IP servers and other sensitive systems. It also contains hardware for spoofing GSM base stations that can intercept cellphone conversations of people in the vicinity.

Additional kit monitors communications sent over Bluetooth frequencies and data sent by RFID devices.

WASP connects to a control server through a secure VPN channel that's equipped with additional gear. A GPU from Nvidia can take a four-way handshake sniffed from the drone's wireless card to brute-force the WPA password, trying more than 350 million possible phrases in less than five hours. The back-end server also connects to a real GSM network, so the controllers can monitor calls in progress between a target on the ground and whoever is on the other end.

WASP, which is further described here, cost about $62,000 $6,200 to build and takes about 30 minutes for someone to learn how to fly.

“We really tried hard to make sure everything is above board, so when government agencies look at it everything is OK,” said Rich Perkins, the other creator of WASP. But he admits: “In the wrong hands, it could do a metric shit ton of evil.” ®

Sponsored: Designing and building an open ITOA architecture