WASP: Drone Plane Becomes Hackers' Tool
Developers say tiny plane can eavesdrop.
LAS VEGAS, Aug. 8, 2011 — -- The age-old theory in warfare is that the best place to be is the high ground, from which you can see and attack your enemies. Richard Perkins and Mike Tassey decided to apply that idea to cyber warfare as well.
The result was the WASP -- short for Wireless Aerial Surveillance Platform. The two men, who say they both have long experience as computer security consultants for the U.S. government, took an Army-surplus drone airplane and turned it into an airborne hacking platform that they say can infiltrate your Wi-Fi network, intercept your cell phone calls, jam radio signals, even hack websites wirelessly. They say it cost them a grand total of $6,200.
They showed off the WASP at this month's Black Hat computer security conference in Las Vegas, an annual haven for tech mavens talking -- often in programming code -- about cyber attacks they would like to avoid. One way to anticipate what might be coming, many of them figure, is to try inventing what they think the bad guys would.
In other words, said Tassey, "If we thought about it, someone else has and they're just not telling you."
The WASP, about six feet long, was based on a plane the military has routinely used as a training target. They opened up the plane and added a cell phone, tablet computer and a few other pieces of electronics. They wrote software to read signals from ground-based phones and computer networks.
The FAA requires that a plane that size fly no more than 400 feet above the ground, and that it be within sight of whoever is controlling it by radio -- but that was all right with Perkins and Tassey. The WASP would still be high enough not to be noticed by people in an office building below who might be making calls or sending data, including sensitive material. The plane is battery powered and can only stay airborne for an hour, but the men said other versions might easily fly longer.
At last year's conference, another engineer, Chris Paget, had shown how an airborne drone could be used to intercept cell phone calls, literally by pretending to be a flying cell tower. Its signals could fool phones on the ground into relaying calls through it. Once it did that, recording private conversations or data would be just one extra step.
Sound a bit over the top? That's the kind of thing that comes up at the annual Black Hat conferences. There was also a presentation by a computer engineer named Jay Radcliffe -- himself a diabetic -- showing that an insulin pump could be controlled by a less-than-scrupulous hacker. There were sessions on how to defeat antivirus programs, or make the battery in a stranger's laptop overheat.
"Everybody's pushing the technology to do more and more and more, and like any technology that's pushed like that, security is an afterthought," Radcliffe told The Associated Press.
Of course, a hovering drone that picks up cell phone calls could also be used for good. Imagine sending one to an area hit by an earthquake, where power and cellular service have been knocked out, they said. The problem is that cellular service providers already have portable towers that don't need to land for refueling.
So why try all this far-out hacking? Partly, said people at the conference, to warn computer specialists they may be vulnerable in ways they had not imagined. But some of them conceded there was also an element of sport involved, doing something hard as a way to prove it can be done.
"All this requires is dedicated people," said Tassey. "This does not come with morals or ethics."