There are a lot of cool things you can do with $1,000, but scientists at an Austin, Texas college have come across one that is often overlooked: for less than a grand, how’d you like to hijack a US government drone?
A group of researchers led by Professor Todd Humphreys from the University of Texas at Austin Radionavigation Laboratory recently succeeded in raising the eyebrows of the US government. With just around $1,000 in parts, Humphreys’ team took control of an unmanned aerial vehicle operated by the US Department of Homeland Security.
After being challenged by his lab, the DHS dared Humphreys’ crew to hack into their drone and take command. Much to their chagrin, they did exactly that.
Humphrey tells Fox News that for a few hundreds dollar his team was able to “spoof” the GPS system on board the DHS drone, a technique that involves mimicking the actual signals sent to the global positioning device and then eventually tricking the target into following a new set of commands. And, for just $1,000, Humphreys says the spoofer his team assembled was the most advanced one ever built.
“Spoofing a GPS receiver on a UAV is just another way of hijacking a plane,” Humphreys tells Fox. The real danger here, however, is that the government is currently considering plans that will allow local law enforcement agencies and other organizations from coast-to-coast to control drones of their own in America’s airspace.
“In five or ten years you have 30,000 drones in the airspace,” he tells Fox News. “Each one of these could be a potential missile used against us.”
Domestic drones are already being used by the DHS and other governmental agencies, and several small-time law enforcement groups have accumulated UAVs of their own as they await clearance from the Federal Aviation Administration. Indeed, by 2020 there expects to betens of thousands of drones diving and dipping through US airspace. With that futuristic reality only a few years away, Humphreys’ experiment suggests that the FAA may have their work cut out for them if they think it’s as easy as just approving domestic use anytime soon. After all, reports Newser, domestic drones are likely to use the same unencrypted GPS signals provided to civilians, allowing seemingly anyone with $1,000 and the right research to hack into the system and harness a UAV for their own personal use.
“What if you could take down one of these drones delivering FedEx packages and use that as your missile?” Humphreys asks. “That’s the same mentality the 9-11 attackers had,”
Drone Plane Converted to Airborne Hacking Platform at Black Hat
ARTICLE DATE : August 4, 2011
By Damon Poeter
Digital death rains from above! A pair of security researchers has turned a surplus U.S. Army drone plane into an airborne hacking platform that infiltrates Wi-Fi networks, intercepts cellphone calls, and even launches denial-of-service (DOS) attacks, according to media reports from the Black Hat security conference in Las Vegas.
Mike Tassey and Richard Perkins, security consultants to Wall Street firms and the U.S. intelligence community, built their Wireless Aerial Surveillance Platform (WASP) drone "as a proof of concept to show what criminals, terrorists and others might also soon be using for their nefarious activities," according to Wired.
Building on a concept originally demonstrated at last year's DefCon hacker conference by Chris Paget, the WASP drone's hacking toolkit includes an IMSI catcher and antenna that can impersonate a cellphone base station. Simply flip the switch and nearby cellphones are tricked into routing outbound calls through the WASP instead of through legit, commercial cell towers.
The WASP's cell tower spoof can even be used to intercept encrypted calls, tricking cellphones into disabling encryption and then either redirects call or records them using VoIP before they're routed to the intended receiver, according to Wired.
The drone can also use jamming signals to conduct DOS attacks on data providers, sniff out nearby wireless networks, and includes in its manifest "a dictionary of 340 million words for brute-forcing network passwords."
Tassey and Perkins said they built the WASP for $6,000, converting a surplus FMQ-117B U.S. Army target drone that runs quietly enough to patrol the skies unobtrusively from the FAA-mandated 400-foot ceiling at which it can legally fly (see video below of a test flight).
Perhaps the theoretical black hats who might want a WASP of their own wouldn't be as concerned about following FAA rules. But the remote-control drone still needs to be within line-of-sight for manually controlled take-offs and landings—though Tassey and Perkins said the WASP can be put on auto-pilot while in flight on a pre-determined course if it's programmed with GPS coordinates and Google maps.
The researchers said malicious hackers could easily build their own aerial hacking platforms, but that the WASP could be used for beneficial purposes as well, such providing emergency cellphone service in areas affected by a disaster.
“Be who you are and say what you feel because those who mind don't matter and those who matter don't mind.” - Dr. Seuss
The following user says Thank You to websouth for this post: