SkyNET: DIY drone helicopter WiFi attacks for less than $600


If you saw a toy quadricopter flying outside your office, would you be alarmed?

Researchers at the Stevens Institute of Technology, New Jersey, believe they have dreamt up a way for malicious hackers to break into WiFi networks and commandeer computers into a botnet - not via the internet, but using a DIY drone helicopter that costs less than $600.

With one mischievous eye towards the "Terminator" movies, Theodore Reed, Joseph Geis and Sven Dietrich have dubbed their creation "SkyNET" and say that for a few hundred dollars an off-the-shelf remote-controlled quadricopter can be turned into a stealth device which can seek out poorly protected WiFi networks, and then infect computers attached to them.

Because botmasters use the internet to deliver commands to their networks of compromised computers (which can in turn provide clues as to whether a botnet is active, and how to defend against it), the researchers were curious as to whether there were other ways to both create a botnet and send it instructions.

And thus, SkyNET was born.


The Parrot AR.Drone quadricopter sells for less than $300 on Amazon, and once modded with a lightweight computer running Linux, a 3G mobile broadband data connection, GPS receiver and two WiFi cards (one to receive commands, and the other to attack wireless networks) it's ready.

According to Reed, Geis and Dietrich the whole system can be built for less than $600.

Via a web interface and built-in forward-facing camera, the drone can be flown into position to hunt for WiFi networks. It can even conduct attacks while in flight for an average of 20 minutes - but because of battery life limits it's probably more realistic to land it in a position where it can do its dirty work for an average of up to 2.5 hours.

On a subsequent trip it selects which networks to attack (simple if the wireless network is unprotected or using weak WEP encryption, but more complicated cracking can, say the researchers, be offloaded to Amazon's EC2 cloud as it is too computationally intensive to do onboard the helicopter).

Once it has cracked into networks, SkyNET would theoretically be capable of recruiting computers into its botnet and sending them commands.

As the promotional YouTube video from Parrot proves, the quadricopter is a neat device - capable of manoeuvring itself into extraordinary positions in the hands of a skilled operator.

In feasibility tests in New York City, the researchers found a large number of exposed wireless access points which - if they had been so minded - they could have attempted to infiltrate.


Yes, it's an awful lot of effort to go to to send some Viagra spam. But that's probably not the reason why an attack like this would be contemplated. If something like this were to be used I suspect it would be in the form of a more targeted attack, with the drone flown to a hard-to-reach part of the target office's rooftop to collect data and inject attacks.

That doesn't mean it would necessarily be undetectable, of course. The research paper says that it may be possible to correlate the location of affected host computers and analysis may reveal the approximate relative location of the drone.
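One way a defender could turn that correlation into a search area, as an added example that is not taken from the research paper or this post: it assumes a landed, stationary drone, host positions on a flat local grid in metres, and an assumed maximum WiFi range; all coordinates are constructed.

```python
import itertools
import math

def _circle_two(a, b):
    """Smallest circle through two points: (cx, cy, r)."""
    return ((a[0] + b[0]) / 2, (a[1] + b[1]) / 2, math.dist(a, b) / 2)

def _circle_three(a, b, c):
    """Circumcircle of three points, or None if they are collinear."""
    d = 2 * (a[0] * (b[1] - c[1]) + b[0] * (c[1] - a[1]) + c[0] * (a[1] - b[1]))
    if abs(d) < 1e-9:
        return None
    sa, sb, sc = (p[0] ** 2 + p[1] ** 2 for p in (a, b, c))
    ux = (sa * (b[1] - c[1]) + sb * (c[1] - a[1]) + sc * (a[1] - b[1])) / d
    uy = (sa * (c[0] - b[0]) + sb * (a[0] - c[0]) + sc * (b[0] - a[0])) / d
    return (ux, uy, math.dist((ux, uy), a))

def min_enclosing_circle(points):
    """Brute-force smallest circle containing all points (fine for small sets)."""
    if not points:
        raise ValueError("need at least one affected host")
    if len(points) == 1:
        return (points[0][0], points[0][1], 0.0)
    cands = [_circle_two(a, b) for a, b in itertools.combinations(points, 2)]
    for trio in itertools.combinations(points, 3):
        circ = _circle_three(*trio)
        if circ is not None:
            cands.append(circ)
    covers = lambda c: all(math.dist(c[:2], p) <= c[2] + 1e-6 for p in points)
    return min((c for c in cands if covers(c)), key=lambda c: c[2])

def locate_transmitter(hosts, max_range_m):
    """Return search centre and radius, or None if one position cannot explain all hosts."""
    cx, cy, r = min_enclosing_circle(hosts)
    if r > max_range_m:
        return None  # hosts too spread out: more than one landing spot or device
    # Any point within max_range_m of every host lies within sqrt(R^2 - r^2) of the centre.
    return {"centre": (cx, cy), "search_radius_m": math.sqrt(max_range_m ** 2 - r ** 2)}

# Constructed sample: affected hosts on a local grid, in metres.
AFFECTED_HOSTS = [(0, 0), (80, 0), (40, 30), (40, -20)]

if __name__ == "__main__":
    print(locate_transmitter(AFFECTED_HOSTS, max_range_m=50))
```

The wider the spread of affected hosts relative to the assumed range, the smaller the area that has to be searched.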

Furthermore, a drone might be traced back to the location where the botmaster plans to retrieve his device - one wonders if he would pose as a park-goer playing with an expensive toy.

In addition, let's not forget, unlike just about any other form of computer attack this is one which simply won't work when the weather is too wet or windy.

Hat tip: "SkyNET: a 3G-enabled mobile attack drone and stealth botmaster" [PDF] via Technology Review.


11 Responses to SkyNET: DIY drone helicopter WiFi attacks for less than $600

  1. Tyw7 · 1148 days ago

    I would sure be suspicious if an unmanned drone was flying outside my window. More realistically the drone could be equipped with a camera to spy on the occupants.

    Furthermore, how can malware be installed without user interaction on a well protected Windows or Mac PC?

  2. T.Anne · 1148 days ago

    I must admit - the thought of something like this working is a bit freaky. I don't think most people would think anything about one of those flying around (depending on where their office is)... but if it's spotted just sitting outside, that would be a different story. And if it was spotted - would anyone do anything about it or just figure it was accidentally left there and just leave it for the owner to come back and get?

  3. john mcguire · 1148 days ago

    Why build this with a $300 helicopter when you could build it with a $2 balloon and loft higher loads longer?

  4. Craig · 1146 days ago

    We need USB powered surface to air missiles to blow this threat from our skies, or scale model trebuchets that can deliver flaming packets of justice to take on the ill packets of this copterbot.

    Would the attackers have the dexterity to fly it close enough for it to work? The blades being exposed could allow it to become a kamikaze if cornered.

  5. He he he. Of course anyone flying one of those near a tall building is going to get called a terrorist!

    But a super idea. Use the in-built camera and shoulder surf passwords from the office wallahs, recording it to your iPhone thingy. Actually, that's not a bad idea ... hmm.

    As john mcguire says, why not get a couple of balloons? A nice weather balloon is about £20 from amazon dot com but not co uk strangely. I suppose one really needs a dirigible.

    chin chin
    InfosecChap

  6. alandeanreeder · 1145 days ago

    I would not be surprised if the government would use this to spy on the American people. After all, the Patriot Act allows them to search without a warrant.

  7. LookingatyouKid! · 1145 days ago

    You're all being logged as potential terrorists.....Be aware those at the CIA and FBI will storm any teacup if it makes us look like we have dismantled another potential easy to tackle "terrorist" Don't even move! We're coming to get you!

  8. ibsteve2u · 1145 days ago

    I suspect that it would be good huntin'...I flipped my Kindle out of 3G into wifi out of boredom and idle curiosity as I was waiting in a van "somewhere" the other day, and darned if I didn't immediately see a law firm's router - with a SSID incorporating the name of the law firm - right there, unencrypted. If I was a crook, a muckraker for a sleazy tabloid, a competitor to someone who retained that law firm, a prosecutor, a divorce attorney for the "other" spouse...

    People are slow learners...even those who truly do have something to protect.

  9. GJSchaller · 1143 days ago

    Most computers have some form of discovery or support service (such as streaming music, sharing files, remote control software for IT support, etc.) that can be exploited by a remote attacker. A well-protected computer will be harder to crack, but just like a bank or other security system, a smart and resourceful enough attacker can find a way in with enough effort.

    The drones are toys, and fragile - the blades won't cut anyone before the drone crashes. You may get a few scrapes, but that's it. A stiff breeze presents a challenge to them (I've seen them in action in a windy hallway, it was amusing).

    In regards to a balloon, a drone has the advantage of precise maneuvering, smaller size, and easy retrieving (a.k.a. evidence removal once the job is done). You can also re-use it multiple times, unlike a balloon, which you might not be able to retrieve.

  10. Zero Hatake · 1143 days ago

    Couldn't we use EMP?


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.