The buzz starts low and quickly gets louder as a toy quadricopter flies in low over the buildings. It might look like flight enthusiasts having fun, but it could be a future threat to computer networks.
In two separate presentations last month, researchers showed off remote-controlled aerial vehicles loaded with technology designed to automatically detect and compromise wireless networks. The projects demonstrated that such drones could be used to create an airborne botnet controller for a few hundred dollars.
Attackers bent on espionage could use such drones to find a weak spot in corporate and home Internet connections, says Sven Dietrich, an assistant professor in computer science at the Stevens Institute of Technology who led the development of one of the drones.
“You can bring the targeted attack to the location,” says Dietrich. “[Our] drone can land close to the target and sit there—and if it has solar power, it can recharge—and continue to attack all the networks around it.”
Dietrich and two students presented details of their drone, dubbed SkyNet, at the USENIX Security Conference in mid-August. They used a quadricopter—a toy that costs less than $400—to carry a lightweight computer loaded with wireless reconnaissance and attack software. They controlled the homemade drone with a 3G modem and two cameras that send video back to the attacker. It cost less than $600 to build.
The researchers showed that the drone can even be used to create and control a botnet—a network of compromised computers. So instead of controlling a botnet via a command-and-control server on the Internet—a common technique that can lead investigators back to the operator—the hackers can issue commands via the drone. This method creates an “air gap”—where two systems, or networks, are physically separated—that could prevent investigators from identifying those responsible for an attack.
In the past, others have demonstrated radio-controlled planes and model rockets capable of scanning for wireless networks. A pair of security consultants also unveiled a repurposed Army target drone at the Black Hat Security Briefings conference in August that could scan for and compromise wireless networks. Dubbed the Wireless Aerial Surveillance Platform, or WASP, the drone flies fairly silently. It can find and track cell phones, illustrating another use of the devices, said one of the presenters, Richard Perkins, a security consultant to financial institutions.
“We could identify a target by his cell phone and follow them home and then focus on attacking their less secure home network,” he says.
In both cases, the drone attacks are designed to get around the heavily guarded “front door” of information networks—the main connection to the Internet. Wireless networks are typically less secure.
“People see the threat coming from the Internet,” Dietrich says. “What they are forgetting is that behind their back, there is that wireless network that may not be properly protected.”
The best defense against wireless attacks is to be aware of what’s happening on internal networks, says Tom Kellerman, chief technology officer of the wireless security firm AirPatrol. “If you are a Fortune 1,000, you should be concerned, because competitive intelligence has evolved,” he says. “It has taken on a whole new arsenal of capabilities due to cyber and wireless.”
Companies should have technology to detect rogue devices on their networks and lock down their existing wireless access points, he says.