The buzz starts low and quickly gets louder as a toy quadricopter flies in low over the buildings. It might look like flight enthusiasts having fun, but it could be a future threat to computer networks.
In two separate presentations last month, researchers showed off remote-controlled aerial vehicles loaded with technology designed to automatically detect and compromise wireless networks. The projects demonstrated that such drones could be used to create an airborne botnet controller for a few hundred dollars.
Attackers bent on espionage could use such drones to find a weak spot in corporate and home Internet connections, says Sven Dietrich, an assistant professor in computer science at the Stevens Institute of Technology who led the development of one of the drones.
“You can bring the targeted attack to the location,” says Dietrich. “[Our] drone can land close to the target and sit there—and if it has solar power, it can recharge—and continue to attack all the networks around it.”
Dietrich and two students presented details of their drone, dubbed SkyNet, at the USENIX Security Conference in mid-August. They used a quadricopter—a toy that costs less than $400—to carry a lightweight computer loaded with wireless reconnaissance and attack software. They controlled the homemade drone with a 3G modem and two cameras that send video back to the attacker. It cost less than $600 to build.
The researchers showed that the drone can even be used to create and control a botnet—a network of compromised computers. So instead of controlling a botnet via a command-and-control server on the Internet—a common technique that can lead investigators back to the operator—the hackers can issue commands via the drone. This method creates an “air gap”—where two systems, or networks, are physically separated—that could prevent investigators from identifying those responsible for an attack.
In the past, others have demonstrated radio-controlled planes and model rockets capable of scanning for wireless networks. A pair of security consultants also unveiled a repurposed Army target drone at the Black Hat Security Briefings conference in August that could scan for and compromise wireless networks. Dubbed the Wireless Aerial Surveillance Platform, or WASP, the drone flies fairly silently. It can find and track cell phones, illustrating another use of the devices, said one of the presenters, Richard Perkins, a security consultant to financial institutions.
“We could identify a target by his cell phone and follow them home and then focus on attacking their less secure home network,” he says.
In both cases, the drone attacks are designed to get around the heavily guarded “front door” of information networks—the main connection to the Internet. Wireless networks are typically less secure.
“People see the threat coming from the Internet,” Dietrich says. “What they are forgetting is that behind their back, there is that wireless network that may not be properly protected.”
The best defense against wireless attacks is to be aware of what’s happening on internal networks, says Tom Kellerman, chief technology officer of the wireless security firm AirPatrol. “If you are a Fortune 1,000, you should be concerned, because competitive intelligence has evolved,” he says. “It has taken on a whole new arsenal of capabilities due to cyber and wireless.”
Companies should have technology to detect rogue devices on their networks and lock down their existing wireless access points, he says.
How AI is reinventing what computers are
Three key ways artificial intelligence is changing what it means to compute.
These weird virtual creatures evolve their bodies to solve problems
They show how intelligence and body plans are closely linked—and could unlock AI for robots.
We reviewed three at-home covid tests. The results were mixed.
Over-the-counter coronavirus tests are finally available in the US. Some are more accurate and easier to use than others.
A horrifying new AI app swaps women into porn videos with a click
Deepfake researchers have long feared the day this would arrive.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.