Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

The buzz starts low and quickly gets louder as a toy quadricopter flies in low over the buildings. It might look like flight enthusiasts having fun, but it could be a future threat to computer networks.

In two separate presentations last month, researchers showed off remote-controlled aerial vehicles loaded with technology designed to automatically detect and compromise wireless networks. The projects demonstrated that such drones could be used to create an airborne botnet controller for a few hundred dollars.

Attackers bent on espionage could use such drones to find a weak spot in corporate and home Internet connections, says Sven Dietrich, an assistant professor in computer science at the Stevens Institute of Technology who led the development of one of the drones.

“You can bring the targeted attack to the location,” says Dietrich. “[Our] drone can land close to the target and sit there—and if it has solar power, it can recharge—and continue to attack all the networks around it.”

Dietrich and two students presented details of their drone, dubbed SkyNet, at the USENIX Security Conference in mid-August. They used a quadricopter—a toy that costs less than $400—to carry a lightweight computer loaded with wireless reconnaissance and attack software. They controlled the homemade drone with a 3G modem and two cameras that send video back to the attacker. It cost less than $600 to build.

The researchers showed that the drone can even be used to create and control a botnet—a network of compromised computers. So instead of controlling a botnet via a command-and-control server on the Internet—a common technique that can lead investigators back to the operator—the hackers can issue commands via the drone. This method creates an “air gap”—where two systems, or networks, are physically separated—that could prevent investigators from identifying those responsible for an attack.

In the past, others have demonstrated radio-controlled planes and model rockets capable of scanning for wireless networks. A pair of security consultants also unveiled a repurposed Army target drone at the Black Hat Security Briefings conference in August that could scan for and compromise wireless networks. Dubbed the Wireless Aerial Surveillance Platform, or WASP, the drone flies fairly silently. It can find and track cell phones, illustrating another use of the devices, said one of the presenters, Richard Perkins, a security consultant to financial institutions.

“We could identify a target by his cell phone and follow them home and then focus on attacking their less secure home network,” he says.

In both cases, the drone attacks are designed to get around the heavily guarded “front door” of information networks—the main connection to the Internet. Wireless networks are typically less secure.

“People see the threat coming from the Internet,” Dietrich says. “What they are forgetting is that behind their back, there is that wireless network that may not be properly protected.”

The best defense against wireless attacks is to be aware of what’s happening on internal networks, says Tom Kellerman, chief technology officer of the wireless security firm AirPatrol. “If you are a Fortune 1,000, you should be concerned, because competitive intelligence has evolved,” he says. “It has taken on a whole new arsenal of capabilities due to cyber and wireless.”

Companies should have technology to detect rogue devices on their networks and lock down their existing wireless access points, he says.

7 comments. Share your thoughts »

Credit: Stevens Institute of Technology

Tagged: Computing, networks, hack, drone

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me