LAS VEGAS — What do you do when the target you’re spying on slips behind his home-security gates and beyond your reach?
Launch your personal, specially equipped WASP drone — short for Wireless Aerial Surveillance Platform — to fly overhead and sniff his Wi-Fi network, intercept his cellphone calls, or launch denial-of-service attacks with jamming signals.
These are just a few of the uses of the unmanned aerial vehicle that security researchers Mike Tassey and Richard Perkins demonstrated at the Black Hat security conference here Wednesday.
At a cost of about $6,000, the two converted a surplus FMQ-117B U.S. Army target drone into their personal remote-controlled spy plane, complete with Wi-Fi and hacking tools, such as an IMSI catcher and antenna to spoof a GSM cell tower and intercept calls. It also had a network-sniffing tool and a dictionary of 340 million words for brute-forcing network passwords.
The GSM hack was inspired by a talk given at last year’s DefCon hacker conference by Chris Paget, who showed how to create a cellphone base station that tricks nearby handsets into routing their outbound calls through it instead of through commercial cell towers.
That routing allows someone to intercept even encrypted calls in the clear. The device tricks phones into disabling encryption, and records call details and content before they’re routed to their intended receiver through voice-over-internet protocol or redirected to anywhere else the hacker wants to send them.
The drone takes that concept and gives it flight. The plane weighs 14 pounds and is 6 feet long. Per FAA regulations, it can legally fly only under 400 feet and within line of sight. But the height is sufficient to quiet any noise the drone might produce, which the researchers said is minimal, and still allow the plane to circle overhead unobtrusively.
It can be programmed with GPS coordinates and Google maps to fly a predetermined course, but requires remote control help to take off and land.
The two security researchers created the spy plane as a proof of concept to show what criminals, terrorists and others might also soon be using for their nefarious activities.
Tassey, a security consultant to Wall Street and the U.S. intelligence community, told the conference crowd that if the two of them could think up and build a personal spy drone, others were likely already thinking about it, too.
The spy drones have multiple uses, both good and bad. Hackers could use them to fly above corporations to steal intellectual property and other data from a network, as well as launch denial-of-service or man-in-the-middle attacks. They could also transmit a cellphone jamming signal to frustrate an enemy’s communications.
“It’s hard to keep something that’s flying from getting over your facility,” Tassey said.
A drone could also be used to single out a target, using the target’s cellphone to identify him in a crowd, and then follow his movements. And it would be handy for drug smuggling, or for terrorists to trigger a dirty bomb.
But the drones don’t just have malicious uses. The researchers point out that they would be great for providing emergency cellular access to regions hit by a disaster.
The drones could also be outfitted with infrared cameras and shape-recognition technology to run search-and-rescue missions for lost hikers. The military could use them for electronic countermeasures to jam enemy signals or as communication relays flown over remote areas to allow soldiers on two sides of a mountain, for example, to communicate.
“You don’t need a PhD from MIT to do this,” Perkins said.