Hackers' Flying Drone Now Eavesdrops On GSM Phones 90
Sparrowvsrevolution writes "At the Black Hat and Defcon security conferences in Las Vegas next week, Mike Tassey and Richard Perkins plan to show the crowd of hackers a year's worth of progress on their Wireless Aerial Surveillance Platform, or WASP, the second year Tassey and Perkins have displayed the 14-pound, six-foot-long, six-foot wingspan unmanned aerial vehicle. The WASP, built from a retired Army target drone converted from a gasoline engine to electric batteries, is equipped with an HD camera, a cigarette-pack-sized on-board Linux computer packed with network-hacking tools, including the BackTrack testing toolset and a custom-built 340 million word dictionary for brute-force guessing of passwords, and eleven antennae. On top of cracking Wi-Fi networks, the upgraded WASP now also performs a new trick: impersonating the GSM cell phone towers used by AT&T and T-Mobile to trick phones into connecting to the plane's antenna rather than their carrier, allowing the drone to record conversations and text messages on 32 gigs of storage."
RC planes will be illegal in (Score:4, Insightful)
3, 2, ....
cool toy, and the rationale "The number one reason we did this was because we were told it wouldn’t be possible” is THE reason why we as mankind are still innovative (okay, "because I can" is similar important)
Re: (Score:1)
In the US there are certain conditions with which one can operate a UAV. Here is the fed doc: http://www.faa.gov/about/initiatives/uas/media/UAS_FACT_Sheet.pdf
Re: (Score:3)
Re: (Score:1)
Re: (Score:2)
. . . and the rationale "The number one reason we did this was because we were told it wouldn’t be possible” is THE reason why we as mankind are still innovative (okay, "because I can" is similar important)
Its also the reason why we are plagued by old problems that are either boring or mostly afflict the poor or otherwise powerless, while much of mankind's innovation is focused on re-solving glamours or lucrative problems, creating attention-seeking gimmicks and other stupid-human-tricks.
The missing... (Score:1)
Doesn't matter to me... (Score:2, Insightful)
Re: (Score:1)
Pascal's Wager?
Re: (Score:1)
can i buy this? (Score:1)
Re: (Score:1)
Gamers rejoice! (Score:1)
Every single day it seems like the future societies described in Shadowrun and Cyberpunk 2020 are that much closer.
Re: (Score:1)
Still waiting on the Glitter Boys
If government was doing this (Score:3)
If government was doing this - it'd be an outcry of "oh, the privacy". Hackers - "cool stuff".
I don't like these guys any more than I like the government and don't trust them any further than I could throw them.
Re: (Score:2)
Dude, a couple of hacker built a UAV that silently taps into cell phone conversations...
"If government was doing this..."
What on Earth makes you think that the army doesn't have this capability if a couple of guys at DefCon put it together in a few months?
Comment removed (Score:5, Insightful)
Re: (Score:3, Insightful)
Re: (Score:2)
Re: (Score:2)
If the government was doing this it would be more than one, wouldn't be demoed to the public, and would be abused by the police to stalk ex-girlfriends. I suspect that in these guys hands it's slightly safer, though all bets are off if News Corp gets their hands on it.
Why would the government need it when they can already get all this stuff directly from the telecom companies anyway?
Re: (Score:3)
I don't like these guys any more than I like the government and don't trust them any further than I could throw them.
you have a point here. But you can throw those 2 guys much farther than the ~ 5M people of the executive branch of the US government...
Re: (Score:2)
+100 Insightful.
Re: (Score:1)
Don't need to, they already have a fiber connected to AT&T's headquarters. http://www.wired.com/threatlevel/2009/10/att-doj-foia/
Ooh, here is what they are using
"The (Narus) STA Platform consists of stand-alone traffic analyzers that collect network and customer usage information in real time directly from the message.... These analyzers sit on the message pipe into the ISP (internet service provider) cloud rather than tap into each router or ISP device" (Telecommunications magazine, April 2000). http:/
Re:If government was doing this (Score:4, Informative)
I don't like these guys any more than I like the government and don't trust them any further than I could throw them.
Tassey and Perkins will demonstrate the WASP’s high-flying exploits at next week’s Black Hat Security Conference in Las Vegas...Tassey, a security consultant to Wall Street and the U.S. intelligence community and Perkins, a senior security engineer supporting the U.S. government [emphasis mine]... [suasnews.com]
In this case, the difference between "hackers" and "the government" appears to be negligible, at best.
Re: (Score:1)
The point isn't that you, an insignificant lemming, should like it. The point is that it is possible, contrary to what everyone has been saying, and that security against such things should be increased. Hacking isn't usually about destruction as much as it's about curiosity. The problem with our society is that when people find a glaring security defect the first response is to hate the person who found it, rather than congratulating them for being a pioneer and honest enough to alert people to the problem
Re: (Score:2)
The problem here is, the security problems are both well known and well documented for over a decade now. No one doubts they exist. No one claims otherwise. The societal value added here, even to the hacking community, is a negative number.
Cool factor? Yes. Very cool? Yes. Untrustworthy douche bags? Yes!!!
Re: (Score:2)
I disagree. The issues are real, but many question the threat posed by them. A few bored hackers building a proof-of-concept in their garage provides undeniable proof that not only is the threat real but it's well within the reach of anyone who cares to try.
Re: (Score:2)
There are several reasons for this. The hackers won't be knocking at 3 A.M. to drag you off to gitmo if you should say your new suitcase is "the bomb". The hackers won't be compiling a database of everybody's phonecalls in case they need to prosecute and/or blackmail you later. The hackers will not be trying to dun you with 'targeted ads' based on your remarks to your friend on the phone.
The hackers are forthcoming and letting us all know about gaping security holes in public announcements. Odds are this ha
Er... think a bit harder (Score:2)
Your line of thinking should be more along the lines of "if these hackers with next to no money can do this, odds are the government is already doing it, has been doing it for a long time, time, and simply no one knows about it yet".
Will it decrease dropped call (Score:2)
Re: (Score:1)
Re: (Score:1)
I just put an order for a dozen of those to extend my WiFi network to the beach!
Is this really a good thing? (Score:1)
Re: (Score:2)
A product such as this, even if only used as a proof of concept, is quite dangerous, and I'd like nothing more than to shoot it down with a Stinger, and destroy all the R&D material.
The beauty of it is tab a Stinger would probably never hit - no IR signature of note.
I find it interesting that they label this as a black-hat project, with malicious intentions, which it clearly is. They could have had a better public reception if it was pitched as a military tool to enable battlefield communications by the drone claiming to be a cell-phone carrier tower, like a temp cell tower.
It's not so much malicious as a way to show that communications are more vulnerable than we realize - and that with some ingenuity people can do some pretty good snooping. If they really were malicious they'd never tell anyone about it - and they seem to be pretty careful about how they go about it to avoid legal or ethical problems as well.
Re: (Score:2)
Seems kinda like shooting you the chest with a .22 to show how vulnerable you are to lead bullets.
Re: (Score:2)
Seems kinda like shooting you the chest with a .22 to show how vulnerable you are to lead bullets.
No, I'd say it's more alike shooting a 22 into a gel target with a cheap ballistic nylon shirt to show how much damage it can do in an effort to ducat people who think that they are safe from a 22 bullet because they wear a "ballistic" nylon shirt.
WASP? (Score:2)
Abbreviation seems relevant: W.A.S.P. [wikipedia.org]?
Can't resist (Score:1)
I for one welcome our new warflying overlords...
Hacking phones is much easier than that (Score:1)
If you work in a newspaper all you do is befriend a victim of crime, "donate" one to them out of the goodness of our heart and - wahay! - all your base are belong to us. [msn.com]
Re: (Score:2)
Re: (Score:2)
I wonder how (Score:2)
Information is good! (Score:2)
A lot of people seem to be upset that this hack exists. It's used for evil, after all.
But that's not the point. Aren't you *glad* that you know this is possible? Now that we are aware this can be done, we can start trying to protect against it. The real crime here would have been for these hackers to see a vulnerability, and ignore it. Then anybody else who found the vulnerability could exploit it without knowledge of it even existing. That's a hundred times more dangerous.
Kudos to these guys on their brill
Re: (Score:2)
The thing is such telco equipment in those days was usually very expensive, so it's not likely that some random hacker would be able to afford one for personal use, add the necessary other equipment and run his own "proxying" cellphone station.
But the TLAs/secret services of many countries were certainly already eavesdropping on GSM calls back then.
That said, back th
Emergency cell tower (Score:5, Interesting)
How often have you heard of people who are lost in the woods/at sea, and who could have called for help if they had cell phone connectivity?
They could fly one of these as part of a search. Even if the owner isn't actively using the phone, the drone could detect the electronic serial number of each phone in its coverage area and match it against the lost person's phone.
Re: (Score:2)
+1 Thank you. A positive use for military grade technology.
Re: (Score:2)
How often have you heard of people who are lost in the woods/at sea, and who could have called for help if they had cell phone connectivity? They could fly one of these as part of a search. Even if the owner isn't actively using the phone, the drone could detect the electronic serial number of each phone in its coverage area and match it against the lost person's phone.
+1 Thank you. A positive use for military grade technology.
Sarah Conner disagrees.
(not quite sure of the correct plural usage here. Sarahs Conner ? Sarah Conners ? But what about Saras ? And O'Conners? Do T-800s implement Soundex? )
Re: (Score:2)
Wow. That's actually really brilliant.
Re:Emergency cell tower (Score:4, Informative)
340 million word dictionary? (Score:2)
CDMA (Score:2)
I wonder if this attack would work on CDMA. Even though it's a lot more expensive, can it be done? It's a basic MTM attack. Without some sort of public key system, how can we know if we're talking to a legitimate tower?
Record Conversations? (Score:1)
Sadly I've been stuck in telecom the last 10 years. I have to admit I scanned the article, but I missed the part where they connect their 'tower' to the phone company's network. So for argument's sake, let's pretend the mobile registers with the simulated BTS. What magic will connect them to another phone to record a conversation? I suppose they could fake the traffic to get the call connected, oh wait that would require another simulation of an SGSN and multiple protocol message, that I'm having real do
Re: (Score:1)
Once the phone accepts the fake BTS, every request can be intercepted, which clearly includes dial-out with target ISDN. Then the other side of the hack only has to repeat the request with whatever connection it has.
They don't have to bridge it to AT&T or any real cell phone network. It suffices to bridge it to the fixed phone network or use a VOIP access like Skype-out.
I think the article mentions that the only drawback is the wrong caller-id info, but if memory serves caller-id can be faked on the fix
Re: (Score:2)
I think the article mentions that the only drawback is the wrong caller-id info, but if memory serves caller-id can be faked on the fixed phone network. I believe it has been ruled illegal, but guess how effective that would be to stop this hack.
It's trivial for anyone with a VoIP line or ISDN/T1 to send whatever number they want with a call, so if their carrier will accept and pass it along it'll reach the other end without trouble. Some carriers block sending any numbers which are not associated with the customer, but this is uncommon in my experience outside of residential-focused providers.
Time to wear the foil hat. (Score:1)
I see a huge job offer in their future. (Score:2)
I'm sure any number of military and intelligence agencies would be thrilled to give them a pile of money and all the cool toys they could handle.
i am sure the Feds want one of these.... (Score:2)
Where are they taking orders, I want to get one..... before they become illegal to purchase.
Re: (Score:1)
Bugs? (Score:1)