Computer security specialists showed off a home-made drone aircraft Friday capable of launching airborne cyber attacks, hijacking mobile phone calls, or even delivering a dirty bomb. Rich Perkins and Mike Tassey built the bright yellow Wireless Arial Surveillance Platform in a garage from a used US Army target drone that they customised to find mobile phones and Internet hotspots.
"It will fly a plotted course and return to base," Perkins said while showing the WASP to AFP at a DefCon hackers gathering in Las Vegas. "We loaded it up with the ability to attack Wi-Fi, Bluetooth, and GSM cellular networks." WASP can grab packets of data being sent over the air on wireless networks, or use unsecured hot spots as gateways through which cyber attacks can be launched on computer systems. The drone can grab GMS mobile phone identification numbers that can then be used to bill outgoing calls. It can also let hackers impersonate cell phone towers and eavesdrop on people's calls.
Second-hand drones such as that used for WASP can be bought online for about $150. The rest of the parts were purchased by mail-order for a total tab reaching $6,200, not counting the tremendous number of hours spent working on the project started in 2009.
Perkins said the 14-pound (six-kilogram) drone was built to put the computer security industry on notice that the components are available for such "do-it-yourself" creations, which could be used for good or evil. WASP could find mobile phones in disaster areas, potentially leading rescuers to survivors. It could also fly over a disaster zone to act as a mobile phone tower enabling calls.
The modified drone could also identify key executives by their mobile telephones and then track their movements to look for data-stealing opportunities, such as working on a laptop connected wirelessly to the Internet at a cafe.