We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not a subscriber? Subscribe now for unlimited access to online articles.

Intelligent Machines

The Next Wave of Botnets Could Descend from the Skies

Researchers are developing hacking drones that could build a wireless botnet or track someone via cell phone.

The buzz starts low and quickly gets louder as a toy quadricopter flies in low over the buildings. It might look like flight enthusiasts having fun, but it could be a future threat to computer networks.

Hacking on high: The SkyNet drone, built from a toy quadricopter and a small computer, can fly for up to 13 minutes, or land and then operate for nearly two hours.

In two separate presentations last month, researchers showed off remote-controlled aerial vehicles loaded with technology designed to automatically detect and compromise wireless networks. The projects demonstrated that such drones could be used to create an airborne botnet controller for a few hundred dollars.

Attackers bent on espionage could use such drones to find a weak spot in corporate and home Internet connections, says Sven Dietrich, an assistant professor in computer science at the Stevens Institute of Technology who led the development of one of the drones.

“You can bring the targeted attack to the location,” says Dietrich. “[Our] drone can land close to the target and sit there—and if it has solar power, it can recharge—and continue to attack all the networks around it.”

Dietrich and two students presented details of their drone, dubbed SkyNet, at the USENIX Security Conference in mid-August. They used a quadricopter—a toy that costs less than $400—to carry a lightweight computer loaded with wireless reconnaissance and attack software. They controlled the homemade drone with a 3G modem and two cameras that send video back to the attacker. It cost less than $600 to build.

The researchers showed that the drone can even be used to create and control a botnet—a network of compromised computers. So instead of controlling a botnet via a command-and-control server on the Internet—a common technique that can lead investigators back to the operator—the hackers can issue commands via the drone. This method creates an “air gap”—where two systems, or networks, are physically separated—that could prevent investigators from identifying those responsible for an attack.

In the past, others have demonstrated radio-controlled planes and model rockets capable of scanning for wireless networks. A pair of security consultants also unveiled a repurposed Army target drone at the Black Hat Security Briefings conference in August that could scan for and compromise wireless networks. Dubbed the Wireless Aerial Surveillance Platform, or WASP, the drone flies fairly silently. It can find and track cell phones, illustrating another use of the devices, said one of the presenters, Richard Perkins, a security consultant to financial institutions.

“We could identify a target by his cell phone and follow them home and then focus on attacking their less secure home network,” he says.

In both cases, the drone attacks are designed to get around the heavily guarded “front door” of information networks—the main connection to the Internet. Wireless networks are typically less secure.

“People see the threat coming from the Internet,” Dietrich says. “What they are forgetting is that behind their back, there is that wireless network that may not be properly protected.”

The best defense against wireless attacks is to be aware of what’s happening on internal networks, says Tom Kellerman, chief technology officer of the wireless security firm AirPatrol. “If you are a Fortune 1,000, you should be concerned, because competitive intelligence has evolved,” he says. “It has taken on a whole new arsenal of capabilities due to cyber and wireless.”

Companies should have technology to detect rogue devices on their networks and lock down their existing wireless access points, he says.

Keep up with the latest in intelligent machines at EmTech Digital.

The Countdown has begun.
March 25-26, 2019
San Francisco, CA

Register now
More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe to Print Subscription.
  • Print Subscription {! insider.prices.print_only !}*

    {! insider.display.menuOptionsLabel !}

    Six print issues per year plus The Download delivered to your email in-box each weekday.

    See details+

    12-month subscription

    Print magazine (6 bi-monthly issues)

    The Download: newsletter delivery each weekday to your inbox

You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.