Hackers Could Use Cheap R/C Helos To Attack Your Home
Network
The law enforcement world has been anxiously awaiting clearance
from the FAA to operate small, unmanned helicopters in densely
populated areas to help out with tasks as diverse as support for
the SWAT Team and routine measurements at auto accident scenes.
These machines can cost anywhere from a few thousand to over
$100,000, and manufacturers are lined up in wait to provide them
once the FAA drops the green flag.
But on the other side of the law are miscreants who probably
won't feel the need to even seek regulatory approval, let alone
wait for it. MIT's Technology Review reports researchers at the
Stevens Institute of Technology (SIT) in New Jersey have
demonstrated a drone they've dubbed "SkyNet," (pictured, SIT
photo,) built on a remote-controlled, toy quadricopter which can
buzz through neighborhoods looking for wifi networks with poor
security. The goal would be to automatically infect computers on
those networks with software to create a botnet, or a group of
computers which can be remotely controlled, for nefarious purposes
such as Distributed Denial of Service (DDoS) attacks on
websites.
Unlike law enforcement drones, these are based on a $400 UAV,
and require as little as another $200 to finish. They're
remote-controlled using 3G cards, and can fly for a few minutes on
a charge. But Sven Dietrich, an assistant professor in computer
science at the Stevens Institute of Technology who led the
development of one of the drones, also notes, "[Our] drone can land
close to the target and sit there—and if it has solar power,
it can recharge—and continue to attack all the networks
around it." There is also technology available off the shelf which
could allow a small UAV to actually follow you as you drive home by
tracking your mobile phone, then sit on your roof and look for
wireless security vulnerabilities.
Such capabilities would be a boon for those who would attack
your computer. Home wireless networks generally have relatively
primitive security measures compared to your internet service
provider, and by coming in through your own network, the source of
an attack could be much harder to trace.
As creepy as this development sounds, there's also cause for
optimism. As might be imagined, as soon as the presentations became
public, network-savvy readers began comparing notes on possible
ways to jam or confuse the remote control signals used to control
the UAVs. But it's not safe to assume you're safe. Tom Kellerman,
chief technology officer of the wireless security firm AirPatrol,
tells MIT's Technology Review it's time for companies to lock down
their wireless access points. "If you are a Fortune 1,000," he
says, "you should be concerned, because competitive intelligence
has evolved. It has taken on a whole new arsenal of capabilities
due to cyber and wireless."