The Flying Cell Site: Hackers take to the air

You’ve got to love the annual Black Hat conference in Las Vegas; it’s the place to be for all the latest hacking scams and security concerns. Mike Tassey and Richard Perkins drove into Vegas with their latest demo, not believing the amount of attention they were to receive, because Mike and Rich have built an unmanned drone aircraft and equipped it with some extremely clever communications gear. The result is a flying base station that can intercept your calls.

 

Called the WASP (Wireless Arial Surveillance Platform), the flying base station is also a wi-fi packet sniffer, and it was all constructed from commercially available parts for around $6,000. The aircraft’s frame is a used US Army target drone that was bought for less than $300 on the internet. They then added a GSM radio to turn it into a mobile cellphone tower, a video camera to monitor the ground, a tablet computer to do the processing, and a USB dongle to give it internet connectivity. They wrote bespoke software to make it all work.

 

Demonstrating the WASP’s abilities to reporters from AFP (a static demo, as Las Vegas authorities wouldn’t permit a flying display), Perkins said:

 

“We loaded it up with the ability to attack wi-fi, Bluetooth, and GSM cellular networks.

I can take the various pieces of your digital life – Bluetooth headset, cell phone, wi-fi – and find the least secure place you exist and attack you there.”

 

Perkins added that the WASP can intercept data packets during transmission on wireless networks, collect GSM handset identification numbers (a process known as IMSI catchers) that can then be used to bill outgoing calls, and can allow hackers to impersonate cell towers to eavesdrop on calls. It can also use unsecured wi-fi hot spots as gateways for cyber attacks.

 

All the drone has to do to hack a mobile conversation is broadcast the same signal as the fixed (and legitimate) base station. A user’s phone will handshake with the strongest signal, which in this case will be the drone circling overhead. Naturally, you then have to know how to decrypt the information you collect, but that knowledge is available to any intelligent person with access to the internet (if you don’t believe us, wait until you read tomorrow’s report from the Black Hat conference).

 

To comply with US FAA regulations, the drone can fly no more than 400 feet above the ground, and within sight of whoever is using the remote control. But that’s fine for covert operation, say Perkins and Tassey, as potential ‘targets’ are likely to be within buildings and won’t notice the drone. And even if they did, would anyone think they are being spied upon?

 

Of course, what they are really doing is demonstrating the weaknesses and vulnerabilities of our communications networks, in a rather novel way. As Tassey says:

 

“If we thought about it, someone else has and they're just not telling you. All this requires is dedicated people. This does not come with morals or ethics.”

 

But it’s not all about the negatives. Perkins told AFP that the drone could find mobile phones in disaster areas, potentially leading rescuers to survivors. It could also fly over a disaster site to act as an emergency temporary base station.

 

Tassey and Perkins have published a video that was taken from an earlier test flight, together with much more information on their blog. So are drones the future of network hacking?