WASP: The Linux-powered flying spy drone that cracks Wi-Fi & GSM networks

DcData AdminPublic

The Black Hat Security Conference and DEFCON bring together the world’s professional hackers, security researchers, goverment representatives, journalists, and just about anyone who thinks of themselves as a hacker. They listen to talks about security, show off the latest novel hacks, and generally share information about the state of computer security.

Every year there’s a highlight to the conferences, and this year it looks like that highlight may be a flying drone, or unmanned aerial vehicle (UAV). This drone is called the Wireless Aerial Surveillance Platform, or WASP. It’s an ex-U.S. Army spy drone measuirng over 6-feet in length and wingspan that has been modified to make it more useful for hackers in our built-up, communication-heavy urban environments.

If you happen to see this yellow drone flying above your neighborhood you’d be right to be concerned. WASP is equipped with the tools to crack Wi-Fi network passwords made possible by an on-board VIA EPIA Pico-ITX PC running BackTrack Linux equipped with 32GB of storage to record information. BackTrack offers a full suite of digital forensics and penetration testing tools making it a good fit for this setup.

WASP can also act as a GSM network antenna meaning it will be able to eavesdrop on calls/text messages made over that network by any phone deciding to connect through it.

While such a drone may violate a few flying laws, it doesn’t break any FCC regulations as it uses the HAM radio frequency band or a 3G connection for communication. As to the reason for building it, creators Mike Tassey and Richard Perkins just wanted to prove there is a vulnerability that can easily be taken advantage of with a UAV such as this.

WASP is an open source platform using Arduino that Tassey will discuss how to build at DEFCON-19 next week. It was originally unveiled last August with the following video giving you a close up view and interview with the creators:

The main developments since last year seem to be the open-sourcing of the design rather than just relying on the ex-Army drone, and the GSM compatibility being added, which they were really eager to get working last August.

Apart from a manual take off and landing, WASP can be preloaded with GPS co-ordinates and then fly a course using its on-board electric motor. You could put this drone in the air and have it return some time later with 32GB of fresh data to look through, or monitor it from a base station and switch to loiter mode if you find an interesting area. The on-board HD camera also means it’s easy to capture video footage of an area, or a test flight like this:

The main take-away from the WASP project is that this is just two guys building a UAV in their spare time that can easily collect data from Wi-Fi and GSM networks with little input from the operator. There’s even instructions available to create your own. That makes it more than worthy of a talk at DEFCON, but also worth the time of network operators to see how they could counteract such a system from ever being used successfully.

Source