
back to article DIY aerial drone monitors Wi-Fi, GSM networks

Hobbyist hackers have built a DIY flying spy drone that's capable of intercepting communications over remote Wi-Fi and cellular networks and beaming them to snoops located half a world away. Short for wireless aerial surveillance platform, the WASP is equipped with a battery of off-the-shelf hacking tools that can secretly …

COMMENTS

This topic is closed for new posts.


Silver badge

Wasps and hornets and bees, oh my!

Just a few questions. With 4G on board wouldn't it be quicker to rent some time on Amazon's servers to crack the WPA encryption? Let's face it, 5 hours is a long time to stay aloft trying to pick a lock. Do they have an estimate on how long it will be before there is a tool to pwn a WASP? Finally, other than following a Google spycar and messing with it from above, I can't think of a single thing I could be bothered to do with one but I still want one... is that wrong?

4
1
Paris Hilton

Cracking WPA

According to TFA, it doesn't have to stay aloft for five hours to crack the WPA key, it just has to capture the handshake.

Paris, capturing handshakes. (Meh.)

1
0
Silver badge
Boffin

@Eddy lto

"With 4G on board wouldn't it be quicker to rent some time on Amazon's servers to crack the WPA encryption? Let's face it, 5 hours is a long time to stay aloft trying to pick a lock"

That's exactly what it does - it connects to a backend server, passes the encrypted data to it and waits for the brute force to be done.

You'd never get enough power up there for a GPU powerful enough to run brute force, let alone keep the plane in the air.

1
0
Mushroom

A couple of things...

“In the wrong hands, it could do a metric shit ton of evil.”

I'm sure Einstein said something to that effect after working on the first nuclear bomb. Luckily the ton of evil bit hasn't happened yet.

Surely WASP should be a helicopter, not a plane. Having to pilot it round and round in circles when it's found a target or an interesting wifi signal is a bit silly.

3
10
Mushroom

Not happened yet?

I suspect the inhabitants of a couple of Japanese cities might disagree...

11
4

whirlybird

Helicopters are harder to fly for starters, maybe there are other technical reasons (less reliable, can't fly as high, not stable enough, noisier? I dunno). Anyway, modern airliners can fly holding patterns, in some scenarios automatically, so I'd assume you could program the model plane to do that as well. You could just program in the flight plan and go to the pub.

3
0
Anonymous Coward

"should be a helicopter, not a plane"

Fuel consumption!

8
0
J 3
Mushroom

Hm...

"Luckily the ton of evil bit hasn't happened yet."

Convince the Japanese of that!

6
2
Bronze badge

It's been said before

but it looks like it needs to be said again: Einstein's involvement in the Manhattan Project began and ended with his signing of a letter to Roosevelt urging the US to build the bomb before Germany did.

Relativity != nuclear physics.

5
0
Thumb Down

Upvoters, show yourselves..

Come on... Are there really people on here who think that the mass slaughter of hundreds of thousands of innocent Japanese civilians is morally or ethically justifiable? Will you put your name to a comment stating these acts somehow fail to meet the criteria for being described as a "ton of evil"?

3
2

Really? No.

Combined death toll of both atomic bombs dropped on Japan : 225,000

Dresden death toll (one city alone) : 135,000

Combined world war 2 death toll : 75,000,000

Perspective.

7
1
Bronze badge

That's the problem

I can't quite make things add up.

It's quoted as being able to fly at 22,000 feet but I'm not sure how long it can stay in the air. That's an electric motor powering the propellor, and that needs a battery. So do the electronics, and there's a lot more there than a control system. Also, you have a fixed-pitch prop, not so good over such a great altitude range.

Anyway, the altitude records I can find for electric model aircraft are well below the claim.

0
0
Silver badge
Meh

@Dale Richards

"Upvoters, show yourselves"

I'm not sure where you think that an upvote of any of the above comments was justifying anything? Regardless, there are plenty of arguments both for and against, with "lesser of two evils" seemingly the prevailing argument for.

http://en.wikipedia.org/wiki/Debate_over_the_atomic_bombings_of_Hiroshima_and_Nagasaki if you really want to find out more, but do you really think this is the place for it??

0
0
Childcatcher

And 5hr duration?

(HaHa) (That's a hollow laugh up the sleeve.)

0
0

Einstein

Einstein refused to work on the atomic bomb programme.

Some sort of moral thing...

0
0
Anonymous Coward

@ "Keith 21" re: Perspective

Hiroshima was enough to ensure the Japanese surrender, Nagasaki was just because the Americans were in an ass-kicking mood and wanted to play with their new toys.

0
1
Coat

Metric shit ton

Is that larger or smaller than an imperial arse-load?

12
0
Silver badge
Headmaster

@Chronos

Yes

2
0
Thumb Up

Slightly smaller

But divided into a large number of small crap-packets that is divisible by ten.

1
0
Anonymous Coward

Larger

It's 2.2 Imperial Arseloads, each of which consists of 20 fuckweights.

1
0
Pint

Call for ...

This is a call for the ElReg Units Converter page to be updated to include this newly defined precision!

0
0
Gold badge

Re: Metric shit ton of evil

I guess you'd need to convert them both to milli-googles to know for sure.

0
0
Boffin

Re: milliGoogles

That's being redefined by ISO. It used to be a measure of hacking skill but now it's one of the two standard units of how much personal information you're willing to let escape to have a shiny toy or the latest bit of software.

One Google is equivalent to 333 millisteverts, defined on the basis of a comparison between Android and iOS PII leakage. The official term is "privacy decay" which happens in two types of emission, alpha and beta. The decay for transGoogle elements is usually beta.

0
0
Black Helicopters

@ Gary F

Gary,

1. I believe the plane has an autopilot which locks the plane in a circle over the target without any input from the pilot. Check out www.diydrones.com for more info on these.

2. Hovering a helicopter for a length of time is no mean feet and requires far more pilot effort than circling a fixed wing plane.

3. Fixed wing aircraft tend to have far greater flight duration.

In short, no, it shouldn't be a helicopter...

5
0
Headmaster

... no mean feet ... Spelling 10

Here, let me fix that for you ... no mean feat ...

Give the man a big hand.

2
0
Pint

Radio Gear Aside...

...Isn't it illegal to fly in US airspace?

http://www.theregister.co.uk/2011/08/05/murdoch_microdrone/

1
0

I'm thinking that...

...if you're intent on sniffing/cracking encrypted wireless traffic, then you're probably not all that fussed about adhering to FAA regulations.

1
0
Paris Hilton

This WASP can't fly!

While this thing might be able to theoretically sniff out Wi-Fi and cellular traffic there's only one problem...it can't actually fly...at least not well enough or high enough or far enough to meet the mission requirements. Here's why.

The proportions of the model are completely wrong, i.e., tiny wing, big boxy fuselage, lack of aerodynamic shape, and the mandatory massive batteries required to power the electric motor and all the "500 separate components for hacking wireless networks...", etc., etc.

Hmmm...and how much bite is that little fixed pitch propeller going to have at 4 miles up in thinner air? Even if by some miracle this thing could somehow reach 22,000 ft. altitude, how is it possible for it to loiter for the required ~5 hours sniffing passwords since this 'bug' incorporates the worst possible flight configuration for the job, i.e., a high wing loading jet style wing with boxy fuselage shape that requires constant thrust from the electric motor just to maintain altitude? Ain't gonna happen!

It gets worse. Unless things have changed dramatically since I was flying RC models, a typical model airplane radio only has an approximate two mile range, but that's not the only problem. It may only take someone 30 minutes to learn to fly it (yeah, right), but unless that 'pilot' has telescopic vision he will lose sight of this 'bug' by the time it reaches 5000 ft altitude. And civilian radio control models suffer dramatically from electronic interference with on-board electronic gear the farther the plane flies from the transmitter. Youtube has some hilarious examples of live on-board video interfering with the pilot's control inputs causing the model to go out of control. To get around that this thing would have to have a much more robust on-board flight control system including video and more than likely GPS navigation to locate and/or report each target's lat/lon position. This would add more complexity and even more unwanted weight.

The bottom line is this is just fiction people, simply fiction. These guys should stick with what they're good at.

- Paris knows this thing could never make it to the mile high club...

9
13
Anonymous Coward

Things have indeed changed.

RC technology has changed massively in the past few years (I've been flying RC for at least 30). The model shown might not provide hours of flight time, but it DOES look like a practical flying machine. Brushless DC motors such as the one mounted on that bird are twice as efficient as brushed motors; foam and carbon fiber provide superior strength-to-weight over built-up balsa structures; lithium-polymer batteries have far superior energy density to NiCd or NiMH; and out-of-sight automated operation is quite feasible with hobby-scale autopilots such as the Ardupilot (GPS, 6-DOF inertial platform, and autonomous waypoint navigation for under $300 in a cigarette-pack-sized module weighing about three to four ounces).

No, this plane may not be a great performer, but it is entirely credible that it could be built as a working system with available hobbyist gear.

1
0

Can't fly? It already has!

The plane is a RS Systems FQM-117 drone, a 1/9th scale model of the F-16 Fighting Falcon. They've been in use for target practice for a few decades. I suppose the ceiling limit figures are based on being launched from a plane.

See here:

http://www.designation-systems.net/dusrm/m-117.html

Flight time, for the non-electric engine, was 12 mins. For an electric engine, I'd expect the flight time to be longer. You did click the links in the article, no?

3
0
FAIL

Not a typical RC control system

There are boxy aircraft with small wings that do fly (apologies, a name doesn't come to mind right now) mostly light aircraft. As long as the wings provide enough lift, the lack of aerodynamic shape doesn't matter.

If you went and looked at the specs -

Wingspan - 67 inches. (Hardly tiny)

Length - 72 inches

The massive batteries - look at the images, there are two compartments just behind the nose that house the two 22v 5000mAh batteries each weighing 1.8 pounds. On a craft that weighs 14 pounds, that's not a huge percentage. They give 30-45 mins of flight time. Who said it needed 5 hours of flight time? 5 hours of processing time yes. Once you have your sample data, you don't need to stay airborne.

500 separate components are all software on a pico-itx computer. OK there will need to be receiver electronics for the radio, but all not a huge drain on battery.

And that tiny fixed pitch prop is a 17"x10" on Eflite Power 90 Brushless motor. Looking at the specs for the motor, this combination of prop and motor is sufficient for the weight of this model.

Uses a 900MHz radio system with a line-of-sight range of over 30,000 feet with a dipole antenna. With a high-gain antenna this range is more than doubled. Uses a bespoke groundstation that provides telemetry. I wouldn't be surprised if you used an on-board camera to fly with once airborne - much like military drones.

Quite a difference to the conventional RC gear. Things have advanced quite a bit.

Oh, and fiction, check out the video on their website.

2
0
FAIL

Many assumptions there, Jimbo

For one, the "500 components" are software, not hardware components.

Secondly, it's not meant to fly 5 hours. That's how long the computer equipped with the GPU will take to crack the encryption based on captured data. The plane flies about half an hour (follow the link in the article and read).

Thirdly, it's a UAV not an RC model. Read that again. No radio control. "GPS too much complexity and weight" Ummm. 5 seconds on Google will tell you that's exactly what ArduPilot uses.

Glad you got all that off your chest, though.

2
0

I wouldn't be too quick to write it off as simply fiction.

Loiter time - the WASP doesn't need to remain airborne for 5 hours (indeed, the project's own website only quotes flight times of 30-45 minutes), the 5 hour period relates to how long it'll take the ground based systems to process the data captured whilst airborne.

Altitude capability - note that the WASP is a modified FQM-117B drone. The project site says the original drone was capable of 22,000ft, a quick Google suggests it was "only" capable of 10,000ft - still a pretty respectable performance.

Aerodynamic failings - as above, note the origin of the WASP airframe. This isn't some completely new design cobbled together by people who don't understand aerodynamics, it's a proven design. It might not be the most suitable design for the intended role, but I suspect there's not that much choice when it comes to obtaining off the shelf airframes of this size/payload capability.

Controlling the thing beyond visual range - the project site mentions the use of an Ardupilot open-source autopilot, which amongst other things incorporates GPS.

1
0
Silver badge
Boffin

RE: This WASP can't fly!

I take it this is intended for those too lazy or too young for wardriving?

There's the small issue that most people I know with home WiFi routers have them indoors on the ground floor. That means there's a whole lot of building reducing the signal strength to anything flying overhead, to the point where you probably have to dip down real low and fly a very tight circuit to pick up the WiFi. Which means you're then dodging trees, tall buildings and powerlines. Unless you've got an onboard vidcam with a live feed for such low flying, your drone is going to crash and burn real quick. And the lower you fly the better the chance of your 4G control link failing. You could put in a really powerful and boosted receiver to avoid flying low, but then you'd need more batteries and more space and bigger wings in order to take off.

A lot of the attack hardware could be built using an Android phone (they have built-in WiFi, lots of CPU grunt, and with the screen removed are not too bad for power consumption), but your little spyplane is then very easy to trace - you will have a unique IMEI number associated with the phone, a unique SIM for the 4G link, and lots of serials on the hardware. Should your skyspy fall out of the blue it will not take the authorities long to trace you.

0
2

Did your models come from toys r us?

1. GPS guidance is now a £200 addition to most planes. Plot course in Google Earth, upload and go. No need to worry about RC range (ignoring legalities). Telemetry downlink et al, COTS.

2. A ceiling altitude is not an operational altitude. This thing could work at 500 feet quite happily. Granted 22k seems rather optimistic.

3. At least for WPA PSK you get the handshake and can perform an offline dictionary attack after landing. No need to be in the air for the duration.

4. Thousands of RC pilots all over the world fly video systems with no interference at all. The 35MHz frequency is dead and we are on 2.4 GHz with 80 channels frequency hopping every 2ms.

Look on the bright side though, the antiques roadshow might take you on with your planes, Pops..

2
0
FAIL

Fail

Looks like from the photos that the laws of physics would agree with you. The photo of taxiing is followed by a photo of a busted nose and broken wings!

0
0
404
Bronze badge
Black Helicopters

Opposite side of the coin

Where the fun will come in is when they develop drone hunter/killers. Can you imagine drone dogfights? Drone killer aces. Fire and forget baby drone missiles - locate emf (after x-amount of distance from ground launch).

Too much fun.

What they will probably do is set up a kind of vertical narrow field jammer - your drone hits my airspace, you lose control, and I get to keep the scrap metal.

1
0
Thumb Up

I'd Watch That

If NASCAR can be big imagine the audience for a sport where you KNOW every match is going to end in a fiery explosion!

0
0
Black Helicopters

Dogfighting

"Deep State" by Walter Jon Williams has that, Robot Wars in the sky.

The book also mentions some uses for this sort of thing. Imagine a few of these flying over Syrian cities watching the military, feeding footage back out through the cracked WiFi and letting the demonstrators avoid running into tanks.

0
0

Vertical narrow field jammer

I've got one of those. It's chambered in 12 bore.

1
1

What would the "right hands" be?

In the wrong hands, it would be a "metric shit-ton of evil." What, I wonder, would the right hands be? I can't even imagine a non-sinister use of this technology. Time to buy some notepads and sharpen those pencils. The risk of someone taking a rubbing from my pad seems far less nefarious than the electronic communication world nowadays.

1
0
FAIL

Close but no cigar....

I fly RC aircraft and have 20 years' experience, if this thing has actually made it into the air I doubt it would be able to stay up any more than 20 minutes at best.

A 10 minute flight time is more likely for this kind of airframe.

0
2
Stop

Settle down Jimbo

It amazes me how so much managed to pass you by.

It uses a 4G command and control system, and is AUTOMATED, as in the pilot issues instructions only, not direct control of the flaps/throttle etc.

It doesn't need to operate at 22,000 feet, that is the highest it can reach if you instruct it to go as high as possible, suspiciously few wifi nodes up that high.

It, as previously mentioned, doesn't crack the WPA "on the fly". It just captures enough info to crack it later.

The point is that it can just fly around (anywhere with 4G reception) collecting the data needed to crack LOTS of infrastructure controlled from anywhere that is internet connected. A truly sneaky and assuredly REAL development. Disbelieve at your peril. RTFM.

2
1
Thumb Down

How ?

My Wifi signal barely reaches the next room so how the duck is it going to reach 22,000 ft up in the air and I thought bluetooth would only reach 10m max. Am I missing something here?

0
0
Ru
Boffin

The word you're looking for is 'fuck'

High gain antennae and rf amplifiers can do wonders for sniffing radio traffic. Not having to establish a 2-way link means you can get away with a lot more, too.

0
0

@Gary F

I won't repeat what others have said about Japan but I would point out a nuke costs a lot more to build than this.

0
0
Facepalm

Blatantly illegal on several levels

It is against USA law to help yourself to other people's data. It is also against the law to endanger people on the ground with heavier-than-air craft capable of doing harm. You can fly things like that at an old airstrip, not above Paradise Valley, Nevada.

You kids have no sense of right and wrong. I blame my parents.

0
0
Bronze badge

Rupert Murdoch says hi.

How did he get their number... silly question.

0
0
Silver badge
Devil

"a metric shit ton of evil"

This would be the approved SI unit for demon-spawn activity?

I'll get my coat.

0
0
JMB

DIY aerial drone monitors Wi-Fi, GSM networks

How is it going to sort out the thousands of low level signals on the same frequencies that it will be receiving at 22,000 ft?

Just driving around in a car would be more effective, just put some big cameras on the roof to disguise it.

0
2
