The Black Hat Security Conference and DEFCON bring together the world’s professional hackers, security researchers, goverment representatives, journalists, and just about anyone who thinks of themselves as a hacker. They listen to talks about security, show off the latest novel hacks, and generally share information about the state of computer security.
Every year there’s a highlight to the conferences, and this year it looks like that highlight may be a flying drone, or unmanned aerial vehicle (UAV). This drone is called the Wireless Aerial Surveillance Platform, or WASP. It’s an ex-U.S. Army spy drone measuirng over 6-feet in length and wingspan that has been modified to make it more useful for hackers in our built-up, communication-heavy urban environments.
If you happen to see this yellow drone flying above your neighborhood you’d be right to be concerned. WASP is equipped with the tools to crack Wi-Fi network passwords made possible by an on-board VIA EPIA Pico-ITX PC running BackTrack Linux equipped with 32GB of storage to record information. BackTrack offers a full suite of digital forensics and penetration testing tools making it a good fit for this setup.
WASP can also act as a GSM network antenna meaning it will be able to eavesdrop on calls/text messages made over that network by any phone deciding to connect through it.
While such a drone may violate a few flying laws, it doesn’t break any FCC regulations as it uses the HAM radio frequency band or a 3G connection for communication. As to the reason for building it, creators Mike Tassey and Richard Perkins just wanted to prove there is a vulnerability that can easily be taken advantage of with a UAV such as this.
WASP is an open source platform using Arduino that Tassey will discuss how to build at DEFCON-19 next week. It was originally unveiled last August with the following video giving you a close up view and interview with the creators:
The main developments since last year seem to be the open-sourcing of the design rather than just relying on the ex-Army drone, and the GSM compatibility being added, which they were really eager to get working last August.
Apart from a manual take off and landing, WASP can be preloaded with GPS co-ordinates and then fly a course using its on-board electric motor. You could put this drone in the air and have it return some time later with 32GB of fresh data to look through, or monitor it from a base station and switch to loiter mode if you find an interesting area. The on-board HD camera also means it’s easy to capture video footage of an area, or a test flight like this:
The main take-away from the WASP project is that this is just two guys building a UAV in their spare time that can easily collect data from Wi-Fi and GSM networks with little input from the operator. There’s even instructions available to create your own. That makes it more than worthy of a talk at DEFCON, but also worth the time of network operators to see how they could counteract such a system from ever being used successfully.