back to article DIY aerial drone monitors Wi-Fi, GSM networks

Hobbyist hackers have built a DIY flying spy drone that's capable of intercepting communications over remote Wi-Fi and cellular networks and beaming them to snoops located half a world away. Short for wireless aerial surveillance platform, the WASP is equipped with a battery of off-the-shelf hacking tools that can secretly …

COMMENTS

This topic is closed for new posts.
  1. Eddy Ito

    Wasps and hornets and bees, oh my!

    Just a few questions. With 4G on board wouldn't it be quicker to rent some time on Amazon's servers to crack the WPA encyption? Let's face it, 5 hours is a long time to stay aloft trying to pick a lock. Do they have an estimate on how long it will be before there is a tool to pwn a WASP? Finally, other than following a Google spycar and messing with it from above, I can't think of a single thing I could be bothered to do with one but I still want one... is that wrong?

    1. Alan W. Rateliff, II
      Paris Hilton

      Cracking WPA

      According to TFA, it doesn't have to stay aloft for five hours to crack the WPA key, it just has to capture the handshake.

      Paris, capturing handshakes. (Meh.)

    2. Annihilator
      Boffin

      @Eddy lto

      "With 4G on board wouldn't it be quicker to rent some time on Amazon's servers to crack the WPA encyption? Let's face it, 5 hours is a long time to stay aloft trying to pick a lock"

      That's exactly what it does - it connects to a backend server, passes the encrypted data to it and waits for the brute force to be done.

      You'd never get enough power up there for a GPU powerful enough to run brute force, let alone keep the plane in the air.

  2. Gary F
    Mushroom

    A couple of things...

    “In the wrong hands, it could do a metric shit ton of evil.”

    I'm sure Einstein said something to that effect after working on the first nuclear bomb. Luckily the ton of evil bit hasn't happened yet.

    Surely WASP should be a helicopter, not a plane. Having to pilot it round and round in circles when it's found a target or an interesting wifi signal is a bit silly.

    1. Paul 139
      Mushroom

      Not happened yet?

      I suspect the inhabitants of a couple of Japanese cities might disagree,,,,

      1. Keith 21

        Really? No.

        Combined death toll of both atomic bombs dropped on Japan : 225,000

        Dresden death toll (one city alone) : 135,000

        Combined world war 2 death toll : 75,000,000

        Perspective.

        1. Anonymous Coward
          Anonymous Coward

          @ "Keith 21" re: Perspective

          Hiroshima was enough to ensure the Japanese surrender, Nagasaki was just because the Americans were in an ass-kicking mood and wanted to play with their new toys.

    2. Zobbo

      whirlybird

      Helicopters are harder to fly for starters, maybe there are other technical reasons (less reliable, can't fly as high, not stable enough, noisier? I dunno). Anyway, modern airliners can fly holding patterns, in some scenarios automatically, so I'd assume you could program the model plane to do that as well. You could just program in the flight plan and go to the pub.

    3. Anonymous Coward
      Anonymous Coward

      "should be a helicopter, not a plane"

      Fuel consumption !

      1. Dave Bell

        That's the problem

        I can't quite make things add up.

        It's quoted as being able to fly at 22,000 feet but I'm not sure how long it can stay in the air. That's an electric motor powering the propellor, and that needs a battery. So do the electronics, and there's a lot more there than a control system. Also, you have a fixed-pitch prop, not so good over such a great altitude range.

        Anyway, the altitude records I can find for electric model aircraft are well below the claim.

        1. Mips
          Childcatcher

          And 5hr duration?

          (HaHa) (That's a hollow laugh up the sleeve.)

    4. J 3
      Mushroom

      Hm...

      "Luckily the ton of evil bit hasn't happened yet."

      Convince the Japanese of that!

    5. Francis Boyle Silver badge

      It's been said before

      but it looks like it needs to be said again: Einstein's involvement in the Manhattan Project began and ended with his signing of a letter to Roosevelt urging the US to build the bomb before Germany did.

      Relativity != nuclear physics.

    6. Dale Richards
      Thumb Down

      Upvoters, show yourselves..

      Come on... Are there really people on here who think that the mass slaughter of hundreds of thousands of innocent Japanese civilians is morally or ethically justifiable? Will you put your name to a comment stating these acts somehow fail to meet the criteria for being described as a "ton of evil"?

      1. Annihilator
        Meh

        @Dale Richards

        "Upvoters, show yourselves"

        I'm not sure where you think that an upvote of any of the above comments was justifying anything? Regardless, there are plenty of arguments both for and against, with "lesser of two evils" seemingly the prevailing argument for.

        http://en.wikipedia.org/wiki/Debate_over_the_atomic_bombings_of_Hiroshima_and_Nagasaki if you really want to find out more, but do you really think this is the place for it??

    7. Nick Pettefar

      Einstein

      Einstein refused to work on the atomic bomb programme.

      Some sort of moral thing...

  3. Chronos
    Coat

    Metric shit ton

    Is that larger or smaller than an imperial arse-load?

    1. Stoneshop
      Headmaster

      @Chronos

      Yes

    2. Martin 71 Silver badge
      Thumb Up

      Slightly smaller

      But divided into a large number of small crap-packets that is divisible by ten.

    3. Anonymous Coward
      Anonymous Coward

      Larger

      It's 2.2 Imperial Arseloads, each of which consists of 20 fuckweights.

    4. Anonymous Coward
      Pint

      Call forr ...

      This is a call for the ElReg Units Converter page to be updated to include this newly defined precision!

    5. Ken Hagan Gold badge

      Re: Metric shit ton of evil

      I guess you'd need to convert them both to milli-googles to know for sure.

      1. Chronos
        Boffin

        Re: milliGoogles

        That's being redefined by ISO. It used to be a measure of hacking skill but now it's one of the two standard units of how much personal information you're willing to let escape to have a shiny toy or the latest bit of software.

        One Google is equivalent to 333 millisteverts, defined on the basis of a comparison between Android and iOS PII leakage. The official term is "privacy decay" which happens in two types of emission, alpha and beta. The decay for transGoogle elements is usually beta.

  4. Dave Wray
    Black Helicopters

    @ Gary F

    Gary,

    1. I believe the plane has an autopilot which locks the plane in a circle over the target Without any input from the pilot. Checkout www.diydrones.com for more info on these.

    2. Hovering a helicopter for a length of time is no mean feet and requires far mre pilot effort than circling a fixed wing plane.

    3. Fixed wing aircraft tend to have far greater flight duration.

    In short, no, it shouldnt be a helicopter...

    1. Anonymous Coward
      Headmaster

      ... no mean feet ... Spelling 10

      Here, let me fix that for you ... no mean feat ...

      Give the man a big hand.

  5. Disco-Legend-Zeke
    Pint

    Radio Gear Aside...

    ...Isn't it illegal to fly in US airspace?

    http://www.theregister.co.uk/2011/08/05/murdoch_microdrone/

    1. ChrisC Silver badge

      I'm thinking that...

      ...if you're intent on sniffing/cracking encrypted wireless traffic, then you're probably not all that fussed about adhering to FAA regulations.

  6. Jimbo in Thailand
    Paris Hilton

    This WASP can't fly!

    While this thing might be able to theoretically sniff out Wi-Fi and cellular traffic there's only one problem...it can't actually fly...at least not well enough or high enough or far enough to meet the mission requirements. Here's why.

    The proportions of the model are completely wrong, i.e, tiny wing, big boxy fuselage, lack of aerodynamic shape, and the mandatory massive batteries required to power the electric motor and all the "500 separate components for hacking wireless networks...", etc., etc.

    Hmmm...and how much bite is that little fixed pitch propeller going to have at 4 miles up in thinner air? Even if by some miracle this thing could somehow reach 22,000 ft. altitude, how is it possible for it to loiter for the required ~5 hours sniffing passwords since this 'bug' incorporates the worst possible flight configuration for the job, i.e., a high wing loading jet style wing with boxy fuselage shape that require constant thrust from the electric motor just to maintain altitude? Ain't gonna happen!

    It gets worse. Unless things have changed dramatically since I was flying RC models, a typical model airplane radio only has an approximate two mile range, but that's not the only problem. It may only take someone 30 minutes to learn to fly it (yeah, right), but unless that 'pilot' has telescopic vision he will lose sight of this 'bug' by the time it reaches 5000 ft altitude. And civilian radio control models suffer dramatically from electronic interference with on-board electronic gear the farther the plane flies from the transmitter. Youtube has some hilarious examples of live on-board video interfering with the pilot's control inputs causing the model to go out of control. To get around that this thing would have to have a much more robust on-board flight control system including video and more than likely GPS navigation to locate and/or report each target's lat/lon position. This would add more complexity and even more unwanted weight.

    The bottom line is this is just fiction people, simply fiction. These guys should stick with what they're good at.

    - Paris knows this thing could never make it to the mile high club...

    1. Anonymous Coward
      Anonymous Coward

      Things have indeed changed.

      RC technology has changed massively in the past few years (I've been flying RC for at least 30). The model shown might not provide hours of flight time, but it DOES look like a practical flying machine. Brushless DC motors such as the one mounted on that bird are twice as efficient as brushed motors; foam and carbon fiber provide superior strength-to-weight over built-up balsa structures; lithium-polymer batteries have far superior energy density to NiCd or NiMH; and out-of-sight automated operation is quite feasible with hobby-scale autopilots such as the Ardupilot (GPS, 6-DOF inertial platform, and autonomous waypoint navigation for under $300 in a cigarette-pack-sized module weighing about three to four ounces).

      No, this plane may not be a great performer, but it is entirely credible that it could be built as a working system with available hobbyist gear.

    2. Paul Renault

      Can't fly? It already has!

      The plane is a RS Systems FQM-117 drone, a 1/9th scale model of the F-16 Fighting Falcon. They've been in use for target practice for a few decades. I suppose the ceiling limit figures are based on being launched from a plane.

      See here:

      http://www.designation-systems.net/dusrm/m-117.html

      Flight time, for the non-electric engine, was 12 mins. For an electric engine, I'd expect the flight time to be longer. You did click the links in the article, no?

    3. Spikehead
      FAIL

      Not a typical RC control system

      There are boxy aircraft with small wings that do fly (apologies, a name doesn't come to mind right now) mostly light aircraft. As long as the wings provide enough lift, the lack of aerodynamic shape doesn't matter.

      If you went and looked at the specs -

      Wingspan - 67 inches. (Hardly tiny)

      Length - 72 inches

      Ths massive batteries - look at the images, there are two compartments just behind the nose that house the two 22v 5000mAh batteries each weighing 1.8 pounds. On a craft that weighs 14 pounds, that's not a huge percentage.Tthey give 30-45 mins of flight time. Who said it needed 5 hours of flight time? 5 hours of processing time yes. Once you have your sample data, you don't need to stay airborne.

      500 separate components are all software on a pico-itx computer. OK there will need to be receiver electronics for the radio, but all not a huge drain on battery.

      And that tiny fixed pitch prop is a 17"x10" on Eflite Power 90 Brushless motor. Looking at the specs for the motor, this combination of prop and motor is sufficient for the weight of this model.

      Uses a 900MHz radio system with a line-of-sight range of over 30,000 feet with a dipole antenna. With a high-gain antenna this range is more than doubled. USes a bespoke groundstation that provides telemetry. I wouldn't be suprised if you used an on-board camera to fly with once airborne - much like military drones.

      Quite a difference to the conventional RC gear. Things have advanced quite a bit.

      Oh, and fiction, check out the video on their website.

    4. foo_bar_baz
      FAIL

      Many assumptions there, Jimbo

      For one, the "500 components" are software, not hardware components.

      Secondly, it's not meant to fly 5 hours. That's how long the computer equipped with the GPU will take to crack the encryption based on captured data. The plane flies about half an hour (follow the link in the article and read).

      Thirdly, it's a UAV not an RC model. Read that again. No radio control. "GPS too much complexity and weight" Ummm. 5 seconds on Google will tell you that's exactly what ArduPilot uses.

      Glad you got all that off your chest, though.

    5. ChrisC Silver badge

      I wouldn't be to quick to write it off as simply fiction.

      Loiter time - the WASP doesn't need to remain airborne for 5 hours (indeed, the projects own website only quotes flight times of 30-45 minutes), the 5 hour period relates to how long it'll take the ground based systems to process the data captured whilst airborne.

      Altitude capability - note that the WASP is a modified FQM-117B drone. The project site says the original drone was capable of 22,000ft, a quick Google suggests it was "only" capable of 10,000ft - still a pretty respectable performance.

      Aerodynamic failings - as above, note the origin of the WASP airframe. This isn't some completely new design cobbled together by people who don't understand aerodynamics, it's a proven design. It might not be the most suitable design for the intended role, but I suspect there's not that much choice when it comes to obtaining off the shelf airframes of this size/payload capability.

      Controlling the thing beyond visual range - the project site mentions the use of an Ardupilot open-source autopilot, which amongst other things incorporates GPS.

    6. Matt Bryant Silver badge
      Boffin

      RE: This WASP can't fly!

      I take it this is intended for those too lazy or too young for wardriving?

      There's the small issue that most people I know with home WiFi routers have them indoors on the ground floor. That means there's a whole lot of building reducing the signal strength to anything flying overhead, to the point where you probably have to dip down real low and fly a very tight circuit to pick up the WiFi. Which means you're then dodging trees, tall buildings and powerlines. Unless you've got an onboard vidcam with a live feed for such low flying, your drone is going to crash and burn real quick. And the lower you fly the better the chance of your 4G control link failing. You could put in a really powerful and boosted receiver to avoid flying low, but then you'd need more batteries and more space and bigger wings in order to take off.

      A lot of the attack hardware could be built using an Android phone (they have built-in WiFi, lots of CPU grunt, and with the screen removed are not too bad for power consumption), but your little spyplane is then very easy to trace - you will have a unique IMEI number associated with the phone, a unique SIM for the 4G link, and lots of serials on the hardware. Should your skyspy fall out fo the blue it will not take the authorities long to trace you.

    7. Dave Wray

      Did your models come from toys r us?

      1. Gps guidance is now a £200 addition to most planes. Plot course in Google Earth, upload and go. No need to worry about Rc range (ignoring legalities). Telemtry downlink et all, COTS.

      2. A ceiling altitude is not an operational altitude. This thing could work at 500 feet quite happily. Granted 22k seems rather optimistic.

      3. At least for WPA PSK you get the handshake and can perform an offline dictionary attack after landing. No need to be in the air for the duration.

      4. Thousands of RC pilots all overthe world fly video systems with no interference at all. The 35Mhz frequency is dead and we are on 2.4 ghz with 80 channels frequency hopping every 2ms.

      Look on the bright side though, the antiques roadshow might take you on with your planes, Pops..

    8. Stuart Jones
      FAIL

      Fail

      Looks like from the photos that the laws of physics would agree with you. The photo of taxing is followed by a photo of a busted nose and broken wings!

  7. 404
    Black Helicopters

    Opposite side of the coin

    Where the fun will come in is when they develop drone hunter/killers. Can you imagine drone dogfights? Drone killer aces. Fire and forget baby drone missiles - locate emf (after x-amount of distance from ground launch).

    Too much fun.

    What they will probably do is set up a kind of vertical narrow field jammer - your drone hits my airspace, you lose control, and I get to keep the scrap metal.

    1. dfgraham
      Thumb Up

      I'd Watch That

      If NASCAR can be big imagine the audience for a sport where you KNOW every match is going to end in a feiry explosion!

    2. Vulch
      Black Helicopters

      Dogfighting

      "Deep State" by Walter Jon Williams has that, Robot Wars in the sky.

      The book also mentions some uses for this sort of thing. Imagine a few of these flying over Syrian cities watching the military, feeding footage back out through the cracked WiFi and letting the demonstrators avoid running into tanks.

    3. Hombre sin nombre

      Vertical narrow field jammer

      I've got one of those. It's chambered in 12 bore.

  8. k9gardner

    What would the "right hands" be?

    In the wrong hands, it would be a "metric shit-ton of evil." What, I wonder, would the right hands be? I can't even imagine a non-sinister use of this technology. Time to buy some notepads and sharpen those pencils. The risk of someone taking a rubbing from my pad seems far less nefarious than the electronic communication world nowadays.

  9. Frostbite
    FAIL

    Close but no cigar....

    I fly RC aircraft and have 20 years experience, if this thing has actually made it into the air I doubt it would be able to stay up any more than 20 minutes at best.

    A 10 minute flight time is more likely or this kind of airframe.

  10. Brian Miller 1
    Stop

    Settle down Jimbo

    It amazes me how so much managed to pass you by.

    It uses a 4g command and control system, and is AUTOMATED, as in the pilot issues instructions only, not direct control of the flaps/throttle etc.

    It doesn't need to operate at 22,000 feet, that is the highest it can reach if you instruct it to go as high as possible, suspiciously few wifi nodes up that high.

    It as previously mentioned doesn't crack the WPA "on the fly". I just captures enough info to crack it later.

    The point is that it can just fly around (anywhere with 4G reception) collecting the data needed to crack LOT's of infrastructure controlled from anywhere that is internet connected. A truly sneaky and assuredly REAL development. Disbelieve at your peril. RTFM.

  11. LordBrian
    Thumb Down

    How ?

    My Wifi signal bearly reaches the next room so how the duck is it going to reach 22,000 ft up in the air and I thought bluetooth would only reach 10m max. Am I missing something here ?

    1. Ru
      Boffin

      The word you're looking for is 'fuck'

      High gain antennae and rf amplifiers can do wonders for sniffing radio traffic. Not having to establish a 2-way link means you can get away with a lot more, too.

  12. pctechxp

    @Gary F

    I wont repeat what others have sad about Japan but I would point out a nuke costs a lot more to build than this.

  13. Dave Rickmers
    Facepalm

    Blatantly illegal on several levels

    It is against USA law to help yourself to other peoples' data. It is also against the law to endanger people on the ground with heavier-than-air craft capable of doing harm. You can fly things like that at an old airstrip, not above Paradise Valley, Nevada.

    You kids have no sense of right and wrong. I blame my parents.

  14. Robert Carnegie Silver badge

    Rupert Murdoch says hi.

    How did he get their number... silly question.

  15. Arctic fox
    Devil

    "a metric shit ton of evil"

    This would be the approved SI unit for demon-spawn activity?

    I'll get my coat.

  16. JMB

    DIY aerial drone monitors Wi-Fi, GSM networks

    How is going to sort out the thousands of low level signals on the same frequencies that it will be receiving at 22,000 ft?

    Just driving around in a car would be more effective, just put some big cameras on the roof to disguise it.

    1. Ru
      Headmaster

      Durr

      Max ceiling != working altitude. Do you always drive your car >100mph, and go everywhere on foot at a sprint?

      There's an old arstechnica article (see here: http://arstechnica.com/old/content/2002/08/warflying.ars but it looks like the old map content is dead) which did some simple warflying between 1500 and 2500 feet in a light aircraft, which I bet will be flying higher and faster than your average drone. That trip had no problems isolating SSIDs, though they weren't trying to do anything more clever like sniff 4-way handshakes and the like.

  17. Anonymous Coward
    Pirate

    Solar power?

    39% efficient surplus triple junction Spectrolab cells can be had for not much money.

    That ought to be enough to keep the batteries charged up and extend the runtime.

    I saw a bunch of those on ebay a while back, and not having £120 at the time didn't bid.

    Good thing too, they sold for closer to £260 with the postage.

    As for storage, microSD cards don't weigh much and bank switching say 16 cards to a single controller to reduce power (once filled, switch over) means that little drone can store close to a terabyte of captured data with only five grams extra weight.

    Go all black ops and "drop" the memory package when over a given area with a pinger so the ground forces can locate the dropped package, then return to target area.

    :-)

    AC/DC

  18. Anonymous Coward
    Thumb Down

    Just an idea

    How about putting the kit into a vehicle, add a camera on the roof and just drive around snapping pictures and cracking networks...

    Why bother with an aircraft - Its been done already.

  19. Paul 87

    Sounds like...

    ... someone's punting a proof of concept device to sell to the CIA, assuming they haven't already got drones that do this :)

  20. Anonymous John

    I think

    I'll make a tin-foil hat for my house.

    1. Anonymous Coward
      Black Helicopters

      tin-foil

      Already done at mine - it's called insulation

  21. bag o' spanners
    Alien

    It's only an airbed, officer.

    Mini-blimps would be far more effective for just hanging around in the nerdosphere, especially if they're dressed up to look like wonky ufos. Espionage and mad panic in a handy flatpack format.

  22. Brandon 2

    old hat

    I'm not sure what the electronic snooping mumbo jumbo all means, but I've built small, R/C UAVs, and it's pretty easy. Aside from the initial launch of the vehicle, there are commercially available, radio controlled auto pilot software + hardware rigs available that can fly the plane until it runs out of power... and these kits are around $1000. Very useful if your plane goes beyond transmitter range, and you've programmed it to return to a set of coordinates to regain control (saving you a bunch of dough and sparing the public from a UAV crashing into them).

  23. Michael D. Willis
    Alert

    And here's the off-the-shelf milspec version

    http://www.aurora.aero/Products/Skate.aspx

    The Aurora Skate UAS is a flying wing drone.

    Vehicle Weight: 2 lb System Weight: 6 lb Maximum Payload: 0.5 lb Endurance: 1 hr

    Storage: 5” x 13” x 12” Maximum speed: 50 kts

  24. Chris Parsons

    Seems plausible to me

    I was flying back from Bodmin and had a fairly close encounter with what looked a bit like the above going at one hell of a lick on a reciprocal course to mine. Yeovil Radar couldn't see it, but they have difficulty spotting my plastic plane, so that's no real surprise.

  25. GCom

    MOD take note

    Hopefully the MOD will be reading this and put an order in, certainly better value for money than anything of a similar spec there buying from the arms mega corps such as BAE

This topic is closed for new posts.

Other stories you might like