If you saw a toy quadricopter flying outside your office would you be alarmed?
Researchers at the Stevens Institute of Technology, New Jersey, believe they have dreamt up a way for malicious hackers to break into WiFi networks and commandeer computers into a botnet – not via the internet, but using a DIY drone helicopter that costs less than $600.
With one mischievous eye towards the “Terminator” movies, Theodore Reed, Joseph Geis and Sven Dietrich have dubbed their creation “SkyNET” and say that for a few hundred dollars an off-the-shelf remote-controlled quadricopter can be turned into a stealth device which can seek out poorly protected WiFi networks, and then infect computers attached to them.
Because botmasters use the internet to deliver commands to their networks of compromised computers (which can in turn provide clues on if a botnet is active, and how to defend against it), the researchers were curious as to whether there were other ways to both create a botnet and send it instructions.
And thus, SkyNET was born.
The Parrot AR.Drone quadricopter sells for less than $300 on Amazon, and once modded with a lightweight computer running Linux, a 3G mobile broadband data connection, GPS receiver and two WiFi cards (one to receive commands, and the other to attack wireless networks) it’s ready.
According to Reed, Geis and Dietrich the whole system can be built for less than $600.
Via a web interface and built-in forward-facing camera, the drone can be flown into position to hunt for WiFi networks. It can even conduct attacks while in flight for an average of 20 minutes – but because of battery life limits it’s probably more realistic to land it in a position where it can do its dirty work for an average of up to 2.5 hours.
On a subsequent trip it selects which networks to attack (simple if the wireless network is unprotected or using weak WEP encryption, but more complicated cracking can, say the researchers, be offloaded to Amazon’s EC2 cloud as it too computationally intensive to do onboard the helicopter).
Once it has cracked into networks, SkyNET would theoretically be capable of recruiting computers into its botnet and send them commands.
As the above promotional YouTube video from Parrot proves, the quadricopter is a neat device – capable of manouevering itself into extraordinary positions in the hands of a skilled operator.
In feasibility tests in New York City, the researchers found a large number of exposed wireless access points which – if they had been so minded – they could have attempted to infiltrate.
Yes, it’s an awful lot of effort to go to to send some Viagra spam. But that’s probably not the reason why an attack like this would be contemplated. If something like this were to be used I suspect it would be in the form of a more targeted attack, with the drone flown to a hard-to-reach part of the target office’s rooftop to collect data and inject attacks.
That doesn’t mean it would necessarily be undetectable, of course. The research paper says that it may be possible to correlate the location of affected host computers and analysis may reveal the approximate relative location of the drone.
Furthermore, a drone might be traced back to the location where the botmaster plans to retrieve his device – one wonders if he would pose as a park-goer playing with an expensive toy.
In addition, lets not forget, unlike just about any other form of computer attack this is one which simply won’t work when the weather is too wet or windy.Follow @gcluley
Hat tip: “SkyNET: a 3G-enabled mobile attack drone and stealth botmaster” [PDF] via Technology Review.