Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

AirMagnet Wi-Fi Security Tool Takes Aim At Drones

timothy posted about 2 months ago | from the command-and-control-is-next dept.

Security 52

alphadogg (971356) writes "In its quest to help enterprises seek out and neutralize all threats to their Wi-Fi networks, AirMagnet is now looking to the skies. In a free software update to its AirMagnet Enterprise product last week, the Wi-Fi security division of Fluke Networks added code specifically crafted to detect the Parrot AR Drone, a popular unmanned aerial vehicle that costs a few hundred dollars and can be controlled using a smartphone or tablet. Drones themselves don't pose any special threat to Wi-Fi networks, and AirMagnet isn't issuing air pistols to its customers to shoot them down. The reason the craft are dangerous is that they can be modified to act as rogue access points and sent into range of a victim's wireless network, potentially breaking into a network to steal data."

cancel ×

52 comments

Sorry! There are no comments related to the filter you selected.

Makes Perfect Sense (5, Interesting)

QBasicer (781745) | about 2 months ago | (#47507533)

Instead of fixing a vulnerability or weakness in wifi, lets prevent drones from flying nearby. Because you can totally trust ALL your employees not to plug in a router to perform a similar attack.

Re:Makes Perfect Sense (-1, Redundant)

rebelwarlock (1319465) | about 2 months ago | (#47507907)

Accidentally modded you redundant instead of insightful, so I'm replying to drop the score dock.

Re:Makes Perfect Sense (1)

Sarten-X (1102295) | about 2 months ago | (#47507987)

It's a crappy story, but the real threat is that cheaply-available drones are an easy way to bypass physical security layers.

Apparently, this update just adds specific identification for the Parrot AR, providing sysadmins with information about its location and video stream.

Re:Makes Perfect Sense (2)

plover (150551) | about 2 months ago | (#47509193)

I think this is almost entirely a publicity stunt. It's easy to detect the manufacturer's OUI, and they're already selling a device that examines WiFi traffic, so why not add a signature for the Parrot? It costs them almost nothing, and it's kind of attractive in a faux-nerdy marketing person way. The salesman can use it to joke with the CIO when he's trying to sell them. The engineers will roll their eyes. but the executives will think they're doing something useful.

The real question is if detecting R/C signals is worthwhile. Parrot's WiFi control is only one of many possible protocols they could use on the 2.4 spectrum, and there are many other bands available to R/C owners. If R/C is a real threat, they need to detect them all. Otherwise, their existing software to detect rogue access points is probably more important than identifying specific toys.

Regardless of the technical merit, I think the marketing value is probably more than valuable enough to keep the rule around.

Re:Makes Perfect Sense (1)

Sarten-X (1102295) | about 2 months ago | (#47510911)

It's more than a signature ID. Apparently it also will interpret movement commands and intercept the video stream to show admins what the drone is looking at.

Re:Makes Perfect Sense (1)

Jane Q. Public (1010737) | about 2 months ago | (#47510259)

It's a crappy story, but the real threat is that cheaply-available drones are an easy way to bypass physical security layers.

So are toy cars.

So what?

Re:Makes Perfect Sense (4, Informative)

ledow (319597) | about 2 months ago | (#47508409)

Anyone who worries about wireless security and hasn't yet deployed WPA2-Enterprise and VLANs deserves everything they get.

Seriously, an employee plugging in a router? ALARM BELLS GO OFF IN IT ROOM.

An employee sets up a duplicate wireless network with the same SSID?

Weird. None of the connection policies match, so nothing officially supplied by IT will connect to it. And employees "might" connect to it, manually, sure. If it wasn't that the wireless AP's around the place have spotted the intruder, emailled me, triangulated the position of the AP, flooded it off the airwaves, and you'd have to re-type in all your RADIUS / WPA keys into it in order for it to actually let you CONNECT without warnings anyway.

It's just not a problem if you are serious about your wireless deployment. If you're not serious, that's the problem.

I'm an IT guy that works in schools, with hostile users, some of them living on-premises, willing to break all the rules, some of whom have built their own drones to fly around the school premises, and this isn't an issue I'd be concerned about.

For a start, the Cisco Meraki gear I use would "contain" any such network, and it would warn me, and it would even put a little pinpoint on a wireless heatmap if I so desired to tell me where they are.

The rest is just taking a smartphone with a free app, walking to that point, and disciplining whoever I found there / taking down the drone and waiting for someone to come claim it.

Re:Makes Perfect Sense (1)

Tyrannicsupremacy (1354431) | about 2 months ago | (#47509229)

I'll bet you probably love eating bread sandwiches.

Re:Makes Perfect Sense (0)

Anonymous Coward | about 2 months ago | (#47510223)

Shut up, they're fucking delicious!

Re:Makes Perfect Sense (1)

sexconker (1179573) | about 2 months ago | (#47510415)

If someone plugs in a router with a spoofed MAC of an allowed device for that port, you'd never know.
Most routers support MAC spoofing in order to forward the MAC of your main PC to the cable / DLS modem. Many ISPs will block a new MAC for a period of time or until your call up and tell them. If you require authentication on a wired port, they could set that up as well.
The only way to prevent a MITM attack is to physically secure the network wiring or centrally manage per-device encryption keys/certificates. And I know you're not doing that. And if you want to claim that you are, I also know you're not doing it for your printers and other devices.

For wireless, if someone plugs in a wireless router you might be able to detect it if you have antennas in range, but you can't stop it.

The air marshal shit Meraki does is completely illegal. You can't jam wifi, which is all Meraki does for "containment". They even fucking admit that it's illegal to use it in their documentation.
From https://meraki.cisco.com/lib/p... [cisco.com] , page 8:

2As containment renders any standard 802.11 network completely ineffective, containment measures should taken in your airspace. Extreme caution should be taken to ensure that containment is not being performed on a legitimate network nearby and, action should only be taken as a last resort. Unauthorized containment is prosecutable by law (subject to the FCC’s Communications Act of 1934, Section 333, ‘Willful or Malicious Interference’).
http://transition.fcc.gov/Repo... [fcc.gov]

Beyond the legality, it doesn't even work in a manner that could be called secure. It creates bubbles of noise where NO wifi works (hello DoS). It becomes a loudness war and the rogue AP will always have a bubble of effective range where it will win out. If you have two Meraki networks near each other, they often get into wars, shutting each other down where their edges meet.

VLANs has nothing to do with wireless security. Segregating your networks with a VLAN is pointless - all the devices that are wireless APs also include routing functions. Use them. VLANs are meant for logically extending a network that is physically separate, not for logically separating a network that is physically connected.

Hey look old technology (3, Funny)

i kan reed (749298) | about 2 months ago | (#47507541)

Wait! The old technology is attached to an autonomous quadrotor. Guess I'd better panic.

The biggest dangers (-1)

Anonymous Coward | about 2 months ago | (#47507563)

The biggest dangers are having essentially a battery ready to drop on someone's head, flown by someone who has no clue what they're doing, designed by people who have deliberately thrown away 100 years of aviation safety lessons. No current UAVs are safe enough to fly in populated areas, much less around crowds.

Re:The biggest dangers (2)

naughtynaughty (1154069) | about 2 months ago | (#47508625)

Love the blanket statement that "no current UAVs are safe enough to fly in populated areas", things like this must absolutely terrify you: http://www.poweruptoys.com/ [poweruptoys.com] BTW, stay off the streets, where real danger exists.

Re:The biggest dangers (-1)

Anonymous Coward | about 2 months ago | (#47509209)

Anonymous because I work in the field and don't have PR permission to speak for the organization. Yes, I've studied every one. None of them are close. Your straw man argument is stupid.

20 minutes of battery life (2, Informative)

radioact69 (1220518) | about 2 months ago | (#47507575)

This is the dumbest thing I have ever read, and I have read some dumb stuff. Slashdot FAIL.

A lot of effort there (1, Insightful)

Anonymous Coward | about 2 months ago | (#47507599)

A lot of effort to stop a threat I've not heard of anyone doing. How is this easier and more stealthy then someone in a car with a wireless cracker?

The number one source of data breaches/theft is from employees. Are they suggesting employees are going to do something so elaborate/expensive/unreliable? Wow am I confused.

Would probably make a good TV show though.

Probably where they are getting their threat analysis from.

Re:A lot of effort there (0)

Anonymous Coward | about 2 months ago | (#47509831)

>The number one source of data breaches/theft is from employees.

Of course many employees are drones, but that's not what this device is detecting.

Sounds like it would be trivial to defeat (0)

Anonymous Coward | about 2 months ago | (#47507603)

You'd just use a different model of AP. I'd be more worried about a drone sniffing my WiFi anyway.

A better option is... (1)

Anonymous Coward | about 2 months ago | (#47507671)

Broad spectrum, high power RF jammers. A bonus if it also takes out cell networks.

Re:A better option is... (1)

Bjorn_Redtail (848817) | about 2 months ago | (#47514275)

They also are dead easy to direction find.

This Parrot has ceased to be! (3, Funny)

Irate Engineer (2814313) | about 2 months ago | (#47507707)

Lovely plumage though.

I've got a similar idea in the works... (4, Insightful)

jeffb (2.718) (1189693) | about 2 months ago | (#47507813)

It's a receiver to detect the EM signature from the onboard electronics of a Prius.

See, I've heard that it's possible for a Prius driver to run over kids who are playing in the street. So I've designed this receiver that fits into a kiddy backpack, and sounds an alarm when there's a Prius nearby. That way, when my kids are playing in the street and a Prius approaches, they'll hear the alarm. I guess then they can get out of the street, but what I'm really looking for is a way to ban Priuses from driving on my street. After all, I'm a responsible parent who's keenly aware of the dangers Priuses pose to kids who play in the street.

Re:I've got a similar idea in the works... (0)

Anonymous Coward | about 2 months ago | (#47508783)

Different detection algorithm. This probably just detects MAC addresses in the OID range assigned to Parrot AR. Your idea requires more... electronics.

Re:I've got a similar idea in the works... (0)

cyborg_monkey (150790) | about 2 months ago | (#47509777)

Wow, was that clever.

Re:I've got a similar idea in the works... (0)

Anonymous Coward | about 2 months ago | (#47509847)

As if Prius drivers are capable of driving at a dangerous speed. Have you ever had one of them ahead of you blocking traffic? I see the problem almost every day.
These clowns are so slow that I considered voting for the RomneyBot just because of the Obama stickers on the slow-moving Prius'.

Re:I've got a similar idea in the works... (1)

HornWumpus (783565) | about 2 months ago | (#47510293)

They're no worse then the Volvo diesels they traded in for Pius'. The problem has always been the drivers.

Wifi. The final frontier. (0)

Anonymous Coward | about 2 months ago | (#47507849)

These are the voyages of the drone fighter AirMagnet. Its continuing mission to explore strange new wardrivers, to seek out new threats and neutralize them -- to boldly do which no one had needed before.

Battery lasts for only 12 minutes (3, Insightful)

LongearedBat (1665481) | about 2 months ago | (#47507893)

I have an AR Drone 2, and the standard battery lasts for maximum 12 minutes (1000 mAh). I've ordered a new battery that holds 1500 mAh. Looking forward to see if it lasts for 18 minutes.

How much damage can one do with that? Seems easier to sneak up close and hide in a bush while cracking in to someones network using a laptop.

Re:Battery lasts for only 12 minutes (2)

mjwalshe (1680392) | about 2 months ago | (#47507981)

could use a bigger drone to airlift a raspberry pi powered drone plus battery pack onto the roof - bonus points for making the pi solar powered

Re:Battery lasts for only 12 minutes (0)

Anonymous Coward | about 2 months ago | (#47508823)

I often refer to my Ar drone 2.0 as a flying Linux box lol.
the drone range is so limited even on gps flying that you can actually actually with a good directional wifi antenna get the same information.

Re:Battery lasts for only 12 minutes (1)

stephanruby (542433) | about 2 months ago | (#47509131)

How much damage can one do with that? Seems easier to sneak up close and hide in a bush while cracking in to someones network using a laptop.

Yes, but your laptop, or your Android device as proxy [telerik.com] , wouldn't have the convenient AR_DRONE_ID#### SSID attached to it, so the security idiots at FUD Networks wouldn't have any idea how to detect those.

Re:Battery lasts for only 12 minutes (1)

stephanruby (542433) | about 2 months ago | (#47509329)

Sorry, I provided the wrong link. To capture wifi traffic with an Android device, you'd need this instead [appbrain.com] .

Re:Battery lasts for only 12 minutes (1)

plover (150551) | about 2 months ago | (#47509223)

You don't have to be flying in order to serve as a rogue access point. Just land the drone near the target and hack from there. Besides, you'll attract a lot less attention if you're hiding the machine on the victim's roof.

so? (1)

mjwalshe (1680392) | about 2 months ago | (#47507959)

Don't all wifi management tools do rogue ap detection - I rember playing with the cisco one and that has some neat ICE tech in it

Google (0)

Anonymous Coward | about 2 months ago | (#47508585)

The reason the craft are dangerous is that they can be modified to act as rogue access points and sent into range of a victim's wireless network, potentially breaking into a network to steal data

They'll probably buy about a million of these.

AirMagnet (1)

redfood (471234) | about 2 months ago | (#47508619)

Did anyone else click on this story hoping to see some sort of magnet dart gun or EMP gun used for disabling drones?

Boring (3, Funny)

c (8461) | about 2 months ago | (#47508757)

I want to see a security tool which hijacks the drone control connection, lands it on my roof, and shuts it down so it won't leave.

I can't quite decide if the followup should be "call the police", "hold drone ransom" or "just keep it", but I'm sure I'd think of something.

Re:Boring (1)

Ol Olsoc (1175323) | about 2 months ago | (#47508969)

I want to see a security tool which hijacks the drone control connection, lands it on my roof, and shuts it down so it won't leave.

I can't quite decide if the followup should be "call the police", "hold drone ransom" or "just keep it", but I'm sure I'd think of something.

Just wait until it comes into the airspace above your roof, then blast it with a wideband signal around 2.4 GHz. It will screw the wifi connection to the phone or tablet controlling it, and the drone, now goes into landing mode, looking for a safe place to land. It will slowly descend onto your roof.

The owner will see all this, and might take umbrage at your stealing their drone. Which almost certainly wouldn't be flying over your roof anyhow.

Re:Boring (1)

c (8461) | about 2 months ago | (#47509093)

The owner will see all this, and might take umbrage at your stealing their drone. Which almost certainly wouldn't be flying over your roof anyhow.

Well, I live in the country. If a wifi-controlled drone gets within signal range of my house, the owner is very likely trespassing and almost certainly snooping on my property in particular.

Re:Boring (1)

Ol Olsoc (1175323) | about 2 months ago | (#47509269)

Well, I live in the country. If a wifi-controlled drone gets within signal range of my house, the owner is very likely trespassing and almost certainly snooping on my property in particular.

Um, sure. Most of us drone users stay well away from houses. The whole "drone spying on your teenage daughter as she lovingly caresses her nubile body in the shower", and on and on and on, is something straight out of Law and Order, or porn movies. Or that packs of parrot users are going to break into your wifi network, or sit in smoke filled rooms, coming up with new ways to violate your civil rights.

Everyone I know just enjoys the little bit of flight time, for the few minutes the batteries allow, and making videos to share on youtube. They are toys.

Probably the most subversive thing we do is put leds on them and play "pretend UFO".

But as I said, I gave you the info to down one over your property. Use that info as you will.

Re:Boring (1)

c (8461) | about 2 months ago | (#47512363)

Most of us drone users stay well away from houses.

As I said, I live in the country.

Most ATVers, snowmobilers, boaters, hunters, etc are perfectly respectable people who go out of their way not to bother anyone, and I have no issue with them.

Those other fuckers, however... I have absolutely no doubt that drone technology will become simple and ubiquitous enough that the sort of asshole who enjoys annoying people with expensive toys will inevitably discover and abuse it.

Re:Boring (1)

Ol Olsoc (1175323) | about 2 months ago | (#47512653)

Those other fuckers, however... I have absolutely no doubt that drone technology will become simple and ubiquitous enough that the sort of asshole who enjoys annoying people with expensive toys will inevitably discover and abuse it.

Glenn Beck called. He said you're getting a little over the top.

Re:Boring (1)

CaptQuark (2706165) | about 2 months ago | (#47513789)

If I was going to attempt to break into your network or record video of your property, I would connect the camera and wifi equipment to a kite and fly it over your house. No noise, people are used to seeing kites, and I retain control of the kite and can bring it back quickly. I could do the same thing with a long pole from my car or a balloon.

Flying RC toys are just the trigger topic of the week to get people's ire up.

~~

Arguments based on drone range (1)

jeffb (2.718) (1189693) | about 2 months ago | (#47509271)

It's possible to connect a controller to an antenna that vastly extends its range. Is your property extensive enough to give you a 2-kilometer perimeter [parrot.com] around your house?

Re:Arguments based on drone range (1)

c (8461) | about 2 months ago | (#47512295)

It's possible to connect a controller to an antenna that vastly extends its range. Is your property extensive enough to give you a 2-kilometer perimeter around your house?

I specifically said "the signal range of my house". Stock antennas on a router in the basement. If my network can see the drone, it's going to be pretty close.

Re:Boring (1)

Anonymous Coward | about 2 months ago | (#47509115)

That sounds like the "Frisbeeatarian" approach.

Frisbeeatarians believe that when you die, your soul goes up on the roof and nobody can get it down.

Not an interesting article (0)

Anonymous Coward | about 2 months ago | (#47508907)

but if you wanted to take down a drone maybe a GPS noise source with a directional antenna pointed at the little bird would have interesting results.

Huh? (1)

Ol Olsoc (1175323) | about 2 months ago | (#47508943)

These drones get their control via wifi.

Wouldn't this mean that the person controlling the drone would have to be on the wifi system already?

It isn't just going to stay there without any control. On my parrot, the drone will ease on down if it loses contact with the controller. Kind of keeps it from flying on til hte batteries drop if you lose contact. So it would need multiple wifi's. Oh, and then it wouldn't be recognizable as a parrot drone. And....

Even if you could rig it to attack another wifi, it would have to have that second wireless adapter, and you'd need a second computer to do the hacking, and you'd need to get all this done in the precious few minutes of flight time. And the flight time would be even less because of the second wifi weight and battery drain. And....

Oh, and you'd need to be standing right outside the place you were hacking into. The wireless range of these things is really short. And...

This is FUD, plain and simple. Tring to break into a wireless system with a parrot would be like driving from Philadelphia to New Jersey by way of Australia, with stops in Anarctica, and the moon beforehand.

10 Minutes Flight time (1)

bobbutts (927504) | about 2 months ago | (#47509383)

This is going to need to be a very fast attack since the battery on the quadcopter only lasts around 5-10 min.

It a drone? (0)

Anonymous Coward | about 2 months ago | (#47509463)

"a popular unmanned aerial vehicle that costs a few hundred dollars"

And it unmanned. It needed to be said?
Most toys are.

Armed Solution (0)

Anonymous Coward | about 2 months ago | (#47509817)

Shotguns work wonders.

snarky comment (0)

Anonymous Coward | about 2 months ago | (#47510393)

Issuing air pistols? You can't hit a drone with a pistol. No you need to arm the site security with full chock, 12 gauge, shot guns.
That way every knows when a drone is near by. The window explodes when security shots the drone hovering next to it. It also helps cut down on the population of 'window sitters'

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>