Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers' Flying Drone Now Eavesdrops On GSM Phones

Posted by Soulskill on from the it-slices-it-dices-it-makes-juilenne-fries dept.

Sparrowvsrevolution writes "At the Black Hat and Defcon security conferences in Las Vegas next week, Mike Tassey and Richard Perkins plan to show the crowd of hackers a year's worth of progress on their Wireless Aerial Surveillance Platform, or WASP, the second year Tassey and Perkins have displayed the 14-pound, six-foot-long, six-foot wingspan unmanned aerial vehicle. The WASP, built from a retired Army target drone converted from a gasoline engine to electric batteries, is equipped with an HD camera, a cigarette-pack-sized on-board Linux computer packed with network-hacking tools, including the BackTrack testing toolset and a custom-built 340 million word dictionary for brute-force guessing of passwords, and eleven antennae. On top of cracking Wi-Fi networks, the upgraded WASP now also performs a new trick: impersonating the GSM cell phone towers used by AT&T and T-Mobile to trick phones into connecting to the plane's antenna rather than their carrier, allowing the drone to record conversations and text messages on 32 gigs of storage."

58 of 90 comments (clear)

  1. RC planes will be illegal in by rbrausse · · Score: 3, Insightful

    3, 2, ....

    cool toy, and the rationale "The number one reason we did this was because we were told it wouldn’t be possible” is THE reason why we as mankind are still innovative (okay, "because I can" is similar important)

    1. Re:RC planes will be illegal in by ArhcAngel · · Score: 2

      I believe Rupert Murdoch expressed an interest in this last year.

      --
      "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    2. Re:RC planes will be illegal in by atomicxblue · · Score: 1

      Why go through all that trouble when your reporters can just give people phones you control?

    3. Re:RC planes will be illegal in by Anonymous Coward · · Score: 1

      In the US there are certain conditions with which one can operate a UAV. Here is the fed doc: http://www.faa.gov/about/initiatives/uas/media/UAS_FACT_Sheet.pdf

    4. Re:RC planes will be illegal in by PeanutButterBreath · · Score: 1

      . . . and the rationale "The number one reason we did this was because we were told it wouldn’t be possible” is THE reason why we as mankind are still innovative (okay, "because I can" is similar important)

      Its also the reason why we are plagued by old problems that are either boring or mostly afflict the poor or otherwise powerless, while much of mankind's innovation is focused on re-solving glamours or lucrative problems, creating attention-seeking gimmicks and other stupid-human-tricks.

  2. The missing... by gef7 · · Score: 1

    ....link!

  3. Doesn't matter to me... by Anonymous Coward · · Score: 2, Insightful

    I'm a Sprint customer!

  4. can i buy this? by cod3r_ · · Score: 1

    on amazon maybe?

  5. Gamers rejoice! by squidflakes · · Score: 1

    Every single day it seems like the future societies described in Shadowrun and Cyberpunk 2020 are that much closer.

    1. Re:Gamers rejoice! by ginbot462 · · Score: 1

      Still waiting on the Glitter Boys

      --
      Atlas Shrugged : Thematic Story :: Battlefield Earth : Organized Religion
  6. If government was doing this by ugen · · Score: 2

    If government was doing this - it'd be an outcry of "oh, the privacy". Hackers - "cool stuff".
    I don't like these guys any more than I like the government and don't trust them any further than I could throw them.

    1. Re:If government was doing this by mjperson · · Score: 1

      Dude, a couple of hacker built a UAV that silently taps into cell phone conversations...

      "If government was doing this..."

      What on Earth makes you think that the army doesn't have this capability if a couple of guys at DefCon put it together in a few months?

    2. Re:If government was doing this by Gr33nJ3ll0 · · Score: 2, Insightful

      If the government was doing this it would be more than one, wouldn't be demoed to the public, and would be abused by the police to stalk ex-girlfriends. I suspect that in these guys hands it's slightly safer, though all bets are off if News Corp gets their hands on it.

    3. Re:If government was doing this by rbrausse · · Score: 2

      I don't like these guys any more than I like the government and don't trust them any further than I could throw them.

      you have a point here. But you can throw those 2 guys much farther than the ~ 5M people of the executive branch of the US government...

    4. Re:If government was doing this by GooberToo · · Score: 1

      +100 Insightful.

    5. Re:If government was doing this by Anonymous Coward · · Score: 1

      Don't need to, they already have a fiber connected to AT&T's headquarters. http://www.wired.com/threatlevel/2009/10/att-doj-foia/

      Ooh, here is what they are using
      "The (Narus) STA Platform consists of stand-alone traffic analyzers that collect network and customer usage information in real time directly from the message.... These analyzers sit on the message pipe into the ISP (internet service provider) cloud rather than tap into each router or ISP device" (Telecommunications magazine, April 2000). http://www.wired.com/science/discoveries/news/2006/05/70908

      It was obvious to Klein that the splitter—a special glass prism—was being used to split the light beams in the fiber-optic cables into two signals—one signal carrying the message to its normal destination, the other carrying a copy to the NSA computers a floor below. Klein writes: “The important fact is that each separate signal contains all the information, nothing is lost, so in effect the entire data stream has been copied. What screams out at you when examining this physical arrangement is that the NSA was vacuuming up everything flowing in the Internet stream: e-mail, web browsing, Voice-Over-Internet phone calls, pictures, streaming video, you name it.” Klein learned from a co-worker that similar splitter cabinets were being used in other cities, including Seattle, San Jose, Los Angeles and San Diego.

      The next big piece in the puzzle came when Klein found out that the NSA’s secret room included a piece of equipment called a Narus STA 6400.
      http://www.icl-fi.org/english/wv/953/spying.html

    6. Re:If government was doing this by element-o.p. · · Score: 3, Informative

      I don't like these guys any more than I like the government and don't trust them any further than I could throw them.

      Tassey and Perkins will demonstrate the WASP’s high-flying exploits at next week’s Black Hat Security Conference in Las Vegas...Tassey, a security consultant to Wall Street and the U.S. intelligence community and Perkins, a senior security engineer supporting the U.S. government [emphasis mine]...

      In this case, the difference between "hackers" and "the government" appears to be negligible, at best.

      --
      MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
    7. Re:If government was doing this by Anonymous Coward · · Score: 1

      The point isn't that you, an insignificant lemming, should like it. The point is that it is possible, contrary to what everyone has been saying, and that security against such things should be increased. Hacking isn't usually about destruction as much as it's about curiosity. The problem with our society is that when people find a glaring security defect the first response is to hate the person who found it, rather than congratulating them for being a pioneer and honest enough to alert people to the problem. Our absurd ostrich approach is the problem. If person X finds an exploit in a system and tells the administrators about it, we act as though they put the defect there... when in reality all they did was discover it.

      Systems are flawed and without people finding the flaws that are willing to come forward about them, they remain open for more nefarious types to exploit.

    8. Re:If government was doing this by houghi · · Score: 4, Insightful

      In the US they do not need one. They have direct access to the towers already. In other countries they already have this.

      Remember the specifics that Bin Laden did not use cell phones? The reason this was mentioned was because if he had, they would have been faster in finding him. And how would they have done that? By using what they already have.

      This all from the standard 'news' places, so basically a reading of the press releases.

      So not only do I think they have it, I know they have it and they told us so.

      --
      Don't fight for your country, if your country does not fight for you.
    9. Re:If government was doing this by cavreader · · Score: 1

      Anyone using this type of tech can abuse it, including the freelance hackers out looking for their Lulz. I am sure the US government already has this capability and most likely some pretty fair defensive systems in place that are constantly evolving as more threats and weaknessess are identified. The increase in UAV reliance in military and intelligence ops alone should keep the sigint R&D adequately funded. Does the government use these types of capabilities illegally? I guess that depends on the area of operations and who is running the ops? This type of capability certainly provides the chance for misuse but do we stop developing this tech just because someone might do something bad with it? Certainly some tech can fall into this category such as the technology behind bio, chemical, and nuclear weapons but sigint tech?

    10. Re:If government was doing this by GooberToo · · Score: 1

      The problem here is, the security problems are both well known and well documented for over a decade now. No one doubts they exist. No one claims otherwise. The societal value added here, even to the hacking community, is a negative number.

      Cool factor? Yes. Very cool? Yes. Untrustworthy douche bags? Yes!!!

    11. Re:If government was doing this by Danse · · Score: 1

      If the government was doing this it would be more than one, wouldn't be demoed to the public, and would be abused by the police to stalk ex-girlfriends. I suspect that in these guys hands it's slightly safer, though all bets are off if News Corp gets their hands on it.

      Why would the government need it when they can already get all this stuff directly from the telecom companies anyway?

      --
      It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
    12. Re:If government was doing this by wolrahnaes · · Score: 1

      I disagree. The issues are real, but many question the threat posed by them. A few bored hackers building a proof-of-concept in their garage provides undeniable proof that not only is the threat real but it's well within the reach of anyone who cares to try.

      --
      I used to get high on life, but I developed a tolerance. Now I need something stronger.
    13. Re:If government was doing this by sjames · · Score: 1

      There are several reasons for this. The hackers won't be knocking at 3 A.M. to drag you off to gitmo if you should say your new suitcase is "the bomb". The hackers won't be compiling a database of everybody's phonecalls in case they need to prosecute and/or blackmail you later. The hackers will not be trying to dun you with 'targeted ads' based on your remarks to your friend on the phone.

      The hackers are forthcoming and letting us all know about gaping security holes in public announcements. Odds are this has been around classified top secret in various government agencies that aren't actually supposed to be using the technology at all but do so daily.

  7. Will it decrease dropped call by Bob+the+Super+Hamste · · Score: 1

    So will it decrease dropped calls or extend the range? Well either way AT&T can still claim "More bars in more places".

    --
    Time to offend someone
    1. Re:Will it decrease dropped call by Chronus1326 · · Score: 1

      LOL neither, it just takes them, and sends them to the blackhole. It just pretends to be a cell tower. Just like visiting www.BankofAmerica.geocities.com Go ahead...give me your information

    2. Re:Will it decrease dropped call by justforgetme · · Score: 1

      I just put an order for a dozen of those to extend my WiFi network to the beach!

      --
      -- no sig today
  8. Is this really a good thing? by Chronus1326 · · Score: 1

    A product such as this, even if only used as a proof of concept, is quite dangerous, and I'd like nothing more than to shoot it down with a Stinger, and destroy all the R&D material. I find it interesting that they label this as a black-hat project, with malicious intentions, which it clearly is. They could have had a better public reception if it was pitched as a military tool to enable battlefield communications by the drone claiming to be a cell-phone carrier tower, like a temp cell tower.

    1. Re:Is this really a good thing? by Registered+Coward+v2 · · Score: 1

      A product such as this, even if only used as a proof of concept, is quite dangerous, and I'd like nothing more than to shoot it down with a Stinger, and destroy all the R&D material.

      The beauty of it is tab a Stinger would probably never hit - no IR signature of note.

      I find it interesting that they label this as a black-hat project, with malicious intentions, which it clearly is. They could have had a better public reception if it was pitched as a military tool to enable battlefield communications by the drone claiming to be a cell-phone carrier tower, like a temp cell tower.

      It's not so much malicious as a way to show that communications are more vulnerable than we realize - and that with some ingenuity people can do some pretty good snooping. If they really were malicious they'd never tell anyone about it - and they seem to be pretty careful about how they go about it to avoid legal or ethical problems as well.

      --
      I'm a consultant - I convert gibberish into cash-flow.
    2. Re:Is this really a good thing? by sycodon · · Score: 1

      Seems kinda like shooting you the chest with a .22 to show how vulnerable you are to lead bullets.

      --
      When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    3. Re:Is this really a good thing? by Registered+Coward+v2 · · Score: 1

      Seems kinda like shooting you the chest with a .22 to show how vulnerable you are to lead bullets.

      No, I'd say it's more alike shooting a 22 into a gel target with a cheap ballistic nylon shirt to show how much damage it can do in an effort to ducat people who think that they are safe from a 22 bullet because they wear a "ballistic" nylon shirt.

      --
      I'm a consultant - I convert gibberish into cash-flow.
  9. WASP? by balaband · · Score: 1

    Abbreviation seems relevant: W.A.S.P.?

  10. Re:Time to build an open source Stinger clone by Chronus1326 · · Score: 1

    See my comment, three paragraphs down

  11. Can't resist by spaceplanesfan · · Score: 1

    I for one welcome our new warflying overlords...

  12. Hacking phones is much easier than that by phonewebcam · · Score: 1

    If you work in a newspaper all you do is befriend a victim of crime, "donate" one to them out of the goodness of our heart and - wahay! - all your base are belong to us.

  13. somewhere, somehow by nimbius · · Score: 1

    Dick Cheney is wiping salty tears of joy from his puffy alabaster jowels,
    as janitors for major wireless carriers are busy hefting cinderblocks from the toiletbowls of executive office bathrooms.

    me? i take comfort in knowing as a cavedwelling nerd this might not affect me much. The only wireless I use is dedicated to reheating my pizza, and until proven otherwise my celluar conversations are typically deemed 'uncool' and of very little tactical value.

    unless you too hate the fourth edition of DnD...

    --
    Good people go to bed earlier.
    1. Re:somewhere, somehow by Sir_Eptishous · · Score: 1

      DnD died after 2nd edition... Long live TSR!

      --
      We play the game with the bravery of being out of range
  14. I wonder how by bugs2squash · · Score: 1

    they got a license to use the GSM spectrum.

    --
    Nullius in verba
  15. Information is good! by bshourd · · Score: 2

    A lot of people seem to be upset that this hack exists. It's used for evil, after all.

    But that's not the point. Aren't you *glad* that you know this is possible? Now that we are aware this can be done, we can start trying to protect against it. The real crime here would have been for these hackers to see a vulnerability, and ignore it. Then anybody else who found the vulnerability could exploit it without knowledge of it even existing. That's a hundred times more dangerous.

    Kudos to these guys on their brilliance, and ethical kudos on unveiling it. Without people like this, we would never know that we were in danger. Although, as they say, ignorance is bliss.

    1. Re:Information is good! by TheLink · · Score: 1

      AFAIK companies were already selling equipment for listening in on GSM calls back in the 1990s. This was normally installed at the telco level.

      The thing is such telco equipment in those days was usually very expensive, so it's not likely that some random hacker would be able to afford one for personal use, add the necessary other equipment and run his own "proxying" cellphone station.

      But the TLAs/secret services of many countries were certainly already eavesdropping on GSM calls back then.

      That said, back then (and even today) HAM radio enthusiasts could listen in on analog cellphones and cordless phones.

      --
  16. Re:What.... by Anonymous Coward · · Score: 1

    Pascal's Wager?

  17. Re:What.... by arootbeer · · Score: 1

    Well played!

  18. Emergency cell tower by Viadd · · Score: 5, Interesting

    How often have you heard of people who are lost in the woods/at sea, and who could have called for help if they had cell phone connectivity?

    They could fly one of these as part of a search. Even if the owner isn't actively using the phone, the drone could detect the electronic serial number of each phone in its coverage area and match it against the lost person's phone.

    1. Re:Emergency cell tower by digital+photo · · Score: 1

      +1 Thank you. A positive use for military grade technology.

      --

      Winged Power Photography
    2. Re:Emergency cell tower by gknoy · · Score: 1

      Wow. That's actually really brilliant.

    3. Re:Emergency cell tower by Thud457 · · Score: 1

      How often have you heard of people who are lost in the woods/at sea, and who could have called for help if they had cell phone connectivity? They could fly one of these as part of a search. Even if the owner isn't actively using the phone, the drone could detect the electronic serial number of each phone in its coverage area and match it against the lost person's phone.

      +1 Thank you. A positive use for military grade technology.

      Sarah Conner disagrees.
      (not quite sure of the correct plural usage here. Sarahs Conner ? Sarah Conners ? But what about Saras ? And O'Conners? Do T-800s implement Soundex? )

      --

      the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    4. Re:Emergency cell tower by Thail · · Score: 4, Informative

      After Hurricane Katrina, T-Mobile did something very similar. The mounted what is commonly referred to as a COW (Cell on Wheels) onto a helicopter, then flew over the flooded areas. If a cell phone attempted to connect to the tower (Any GSM handset, didn't have to be t-mobile) they were then able to fly around and triangulate the position and find survivors.

  19. 340 million word dictionary? by seven+of+five · · Score: 1

    So how long does it take to go through 340 million words? And wireless networks aren't smart enough to lock you out after 10 failed attempts?

  20. CDMA by Bengie · · Score: 1

    I wonder if this attack would work on CDMA. Even though it's a lot more expensive, can it be done? It's a basic MTM attack. Without some sort of public key system, how can we know if we're talking to a legitimate tower?

  21. Record Conversations? by stinkyj · · Score: 1

    Sadly I've been stuck in telecom the last 10 years. I have to admit I scanned the article, but I missed the part where they connect their 'tower' to the phone company's network. So for argument's sake, let's pretend the mobile registers with the simulated BTS. What magic will connect them to another phone to record a conversation? I suppose they could fake the traffic to get the call connected, oh wait that would require another simulation of an SGSN and multiple protocol message, that I'm having real doubts about, but lets say they have done it somehow. We have an AT&T microcell here because of shotty coverage and that's a piece of junk.
    What are you going to talk to? a prerecorded message that you've never heard before? then again some granny may tell them her shopping list...

    1. Re:Record Conversations? by hrimhari · · Score: 1

      Once the phone accepts the fake BTS, every request can be intercepted, which clearly includes dial-out with target ISDN. Then the other side of the hack only has to repeat the request with whatever connection it has.

      They don't have to bridge it to AT&T or any real cell phone network. It suffices to bridge it to the fixed phone network or use a VOIP access like Skype-out.

      I think the article mentions that the only drawback is the wrong caller-id info, but if memory serves caller-id can be faked on the fixed phone network. I believe it has been ruled illegal, but guess how effective that would be to stop this hack.

      --
      http://dilbert.com/2010-12-13
    2. Re:Record Conversations? by wolrahnaes · · Score: 1

      I think the article mentions that the only drawback is the wrong caller-id info, but if memory serves caller-id can be faked on the fixed phone network. I believe it has been ruled illegal, but guess how effective that would be to stop this hack.

      It's trivial for anyone with a VoIP line or ISDN/T1 to send whatever number they want with a call, so if their carrier will accept and pass it along it'll reach the other end without trouble. Some carriers block sending any numbers which are not associated with the customer, but this is uncommon in my experience outside of residential-focused providers.

      --
      I used to get high on life, but I developed a tolerance. Now I need something stronger.
  22. Time to wear the foil hat. by russryan · · Score: 1

    Combine this cracking technology with the Japanese flying sphere (http://slashdot.org/index2.pl?fhfilter=flying+sphere ) for very flexible snooping.

  23. I see a huge job offer in their future. by pushf+popf · · Score: 1

    I'm sure any number of military and intelligence agencies would be thrilled to give them a pile of money and all the cool toys they could handle.

  24. i am sure the Feds want one of these.... by hesaigo999ca · · Score: 1

    Where are they taking orders, I want to get one..... before they become illegal to purchase.

    1. Re:i am sure the Feds want one of these.... by clanrat · · Score: 1

      They already have much better ones: http://en.wikipedia.org/wiki/RC-12_Guardrail

  25. Bugs? by clanrat · · Score: 1

    Insects have antennae; radios use antennas. Sorry, pet peeve.

  26. Er... think a bit harder by brunes69 · · Score: 1

    Your line of thinking should be more along the lines of "if these hackers with next to no money can do this, odds are the government is already doing it, has been doing it for a long time, time, and simply no one knows about it yet".