By Dmitry Sheynin, Contributor
Back in July, The Intercept broke news of a secret joint venture between Boeing subsidiary Insitu and Italian IT firm Hacking Team to develop an aerial drone capable of remotely penetrating devices and networks. Hacking Team would provide the software, and Insitu would build the drone itself.
A leaked email from April outlines the proposed collaboration:
“We see potential in integrating your Wi-Fi hacking capability into an airborne system and would be interested in starting a conversation with one of your engineers to go over, in more depth, the payload capabilities including the detailed size, weight, and power specs of your Galileo System,” an email from an Insitu engineer to Hacking Team reads. “Galileo” refers to the current version of Hacking Team’s spyware.
The finished drone would be able to not only hack into most consumer devices and networks protected by protocols such as WEP or WPA, but it would do so from an altitude of 150 feet — high enough to make it difficult to see or hear. But perhaps more startling than the drone’s capabilities is that years ago British security researchers had already built more or less the same thing and open sourced it on GitHub.
Dubbed “Snoopy,” the system runs on a wallet-size Linux computer called BeagleBone Black, which costs about $55 and can be mounted easily to a variety of delivery mediums, like an aerial drone.
“Snoopy’s purpose is to detect signals emitted from devices that we carry, from the Wi-Fi emitted by your phone, to the Bluetooth on your fitness bracelet, to the NFC and RFID of various tags that you may have on you,” said Glenn Wilkinson, a senior security analyst at SensePost, which built Snoopy.
“Snoopy can figure out where you live, where you work, where you’ve traveled to … If you’re not using SSL or you’re using a bad app that doesn’t encrypt traffic, then we can start pulling up cookies and usernames and passwords,” he added.
Snoopy has two modes: It can compromise networks directly using a brute-force style attack, or it can masquerade as a wireless access point and lure users to connect. That isn’t very tricky, Wilkinson said — just name the network something like “Super Fast Amazing Free Wi-Fi,” or better yet, spoof the local Starbucks network. Once connected, Snoopy can access any device and inject malware.
Like most researchers, SensePost created Snoopy to demonstrate security flaws and encourage vendors to patch them. It’s unclear what the intent of the Boeing project was, as Boeing has not released a statement about it. Regardless, it’s easy to point the finger at drones themselves, but that ignores the larger issue of network security, or the lack thereof.
“It isn’t the drone. It’s the security of the network,” said Colin Snow, CEO and founder of Drone Analyst Research and Advisors. “I can drive by somebody’s house in a car and hack into their Wi-Fi.”
That’s fair enough — the Boeing and SensePost systems can be mounted to just about anything, not only drones. Meanwhile, the code that actually makes them dangerous is readily available, as off-the-shelf or open source software.
So what can users do to protect themselves from being spied on? Not much, according to experts. Wilkinson offers some common-sense advice, such as turning off your Wi-Fi when you’re not at home or at work, but he argues the only real protection from most cyber threats is the use of a virtual private network (VPN). Unfortunately, most people don’t know what a VPN is. That’s something Wilkinson and SensePost are working hard to change though.
“That’s the point of this research and getting it into the media,” he said. “Hopefully, it’s enough of an attention-getter that people say, ‘Hey, this VPN thing, what is that and how do I get it to protect myself?’”