Feeds

DIY aerial drone monitors Wi-Fi, GSM networks

Passwords cracked on the fly

Security for virtualized datacentres

Defcon Hobbyist hackers have built a DIY flying spy drone that's capable of intercepting communications over remote Wi-Fi and cellular networks and beaming them to snoops located half a world away.

Short for wireless aerial surveillance platform, the WASP is equipped with a battery of off-the-shelf hacking tools that can secretly hover over unsuspecting targets and infiltrate their networks. A 4G cellular connection links it to a back-end server that allows operators to control its operations and monitor its sensors in realtime.

All of the tools have been around for years, or even decades. What makes WASP novel is their all-in-one packaging in a 14-pound plane that can penetrate a target's geographical boundaries to tap a variety of electronic sources.

“Our goal was to take all these things, Black Hat and Defcon's greatest hits, and to put them in a target remotely from a long way away and offer it to a distributed user base,” Mike Tassey, one of the creators of WASP, said at the Defcon hacker conference in Las Vegas on Friday. “The idea was to illuminate the idea that old dogs have plenty of tricks left in them.”

WASP flying spy drone

WASP flying spy drone at the Defcon hacker conference (click to enlarge)

Styrofoam WASP

WASP is made mostly of styrofoam (click to enlarge)

At 27 inches high and 76 inches long, WASP can reach altitudes of 22,000 feet. It's equipped with a small computer running BackTrack 5, a penetration-testing tool that contains more than 500 separate components for hacking wireless networks, voice-over IP servers and other sensitive systems. It also contains hardware for spoofing GSM base stations that can intercept cellphone conversations of people in the vicinity.

Additional kit monitors communications sent over Bluetooth frequencies and data sent by RFID devices.

WASP connects to a control server through a secure VPN channel that's equipped with additional gear. A GPU from Nvidia can take a four-way handshake sniffed from the drone's wireless card to brute-force the WPA password, trying more than 350 million possible phrases in less than five hours. The back-end server also connects to a real GSM network, so the controllers can monitor calls in progress between a target on the ground and whoever is on the other end.

WASP, which is further described here, cost about $62,000 $6,200 to build and takes about 30 minutes for someone to learn how to fly.

“We really tried hard to make sure everything is above board, so when government agencies look at it everything is OK,” said Rich Perkins, the other creator of WASP. But he admits: “In the wrong hands, it could do a metric shit ton of evil.” ®

Security for virtualized datacentres

More from The Register

next story
Boffins who stare at goats: I do believe they’re SHRINKING
Alpine chamois being squashed by global warming
What's that STINK? Rosetta probe shoves nose under comet's tail
Rotten eggs, horse dung and almonds – yuck
Comet Siding Spring revealed as flying molehill
Hiding from this space pimple isn't going to do humanity's reputation any good
Kip Thorne explains how he created the black hole for Interstellar
Movie special effects project spawns academic papers on gravitational lensing
Experts brand LOHAN's squeaky-clean box
Phytosanitary treatment renders Vulture 2 crate fit for export
LONG ARM of the SAUR: Brachially gifted dino bone conundrum solved
Deinocheirus mirificus was a bit of a knuckle dragger
Moment of truth for LOHAN's servos: Our US allies are poised for final test flight
Will Vulture 2 freeze at altitude? Edge Research Lab to find out
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.