Hackers Could Use Cheap R/C Helos To Attack Your Home Network

The law enforcement world has been anxiously awaiting clearance from the FAA to operate small, unmanned helicopters in densely populated areas to help out with tasks as diverse as support for the SWAT Team and routine measurements at auto accident scenes. These machines can cost anywhere from a few thousand to over $100,000, and manufacturers are lined up in wait to provide them once the FAA drops the green flag.

But on the other side of the law are miscreants who probably won't feel the need to even seek regulatory approval, let alone wait for it. MIT's Technology Review reports researchers at the Stevens Institute of Technology (SIT) in New Jersey have demonstrated a drone they've dubbed "SkyNet," (pictured, SIT photo,) built on a remote-controlled, toy quadricopter which can buzz through neighborhoods looking for wifi networks with poor security. The goal would be to automatically infect computers on those networks with software to create a botnet, or a group of computers which can be remotely controlled, for nefarious purposes such as Distributed Denial of Service (DDoS) attacks on websites.

Unlike law enforcement drones, these are based on a $400 UAV, and require as little as another $200 to finish. They're remote-controlled using 3G cards, and can fly for a few minutes on a charge. But Sven Dietrich, an assistant professor in computer science at the Stevens Institute of Technology who led the development of one of the drones, also notes, "[Our] drone can land close to the target and sit there—and if it has solar power, it can recharge—and continue to attack all the networks around it." There is also technology available off the shelf which could allow a small UAV to actually follow you as you drive home by tracking your mobile phone, then sit on your roof and look for wireless security vulnerabilities.

Such capabilities would be a boon for those who would attack your computer. Home wireless networks generally have relatively primitive security measures compared to your internet service provider, and by coming in through your own network, the source of an attack could be much harder to trace.

As creepy as this development sounds, there's also cause for optimism. As might be imagined, as soon as the presentations became public, network-savvy readers began comparing notes on possible ways to jam or confuse the remote control signals used to control the UAVs. But it's not safe to assume you're safe. Tom Kellerman, chief technology officer of the wireless security firm AirPatrol, tells MIT's Technology Review it's time for companies to lock down their wireless access points. "If you are a Fortune 1,000," he says, "you should be concerned, because competitive intelligence has evolved. It has taken on a whole new arsenal of capabilities due to cyber and wireless."

FMI: www.technologyreview.com/computing/38512/?p1=A1