
Hackers' Flying Drone Now Eavesdrops On GSM Phones

Posted by Soulskill
from the it-slices-it-dices-it-makes-juilenne-fries dept.
Sparrowvsrevolution writes "At the Black Hat and Defcon security conferences in Las Vegas next week, Mike Tassey and Richard Perkins plan to show the crowd of hackers a year's worth of progress on their Wireless Aerial Surveillance Platform, or WASP, the second year Tassey and Perkins have displayed the 14-pound, six-foot-long, six-foot wingspan unmanned aerial vehicle. The WASP, built from a retired Army target drone converted from a gasoline engine to electric batteries, is equipped with an HD camera, a cigarette-pack-sized on-board Linux computer packed with network-hacking tools, including the BackTrack testing toolset and a custom-built 340 million word dictionary for brute-force guessing of passwords, and eleven antennae. On top of cracking Wi-Fi networks, the upgraded WASP now also performs a new trick: impersonating the GSM cell phone towers used by AT&T and T-Mobile to trick phones into connecting to the plane's antenna rather than their carrier, allowing the drone to record conversations and text messages on 32 gigs of storage."
  • by rbrausse (1319883) on Friday July 29, 2011 @11:02AM (#36921544)

    3, 2, ....

    cool toy, and the rationale "The number one reason we did this was because we were told it wouldn’t be possible” is THE reason why we as mankind are still innovative (okay, "because I can" is similarly important)

    • by ArhcAngel (247594)
      I believe Rupert Murdoch expressed an interest in this last year.
    • . . . and the rationale "The number one reason we did this was because we were told it wouldn’t be possible” is THE reason why we as mankind are still innovative (okay, "because I can" is similarly important)

      It's also the reason why we are plagued by old problems that are either boring or mostly afflict the poor or otherwise powerless, while much of mankind's innovation is focused on re-solving glamorous or lucrative problems, creating attention-seeking gimmicks and other stupid-human-tricks.

  • ....link!
  • by Anonymous Coward
    I'm a Sprint customer!
  • on amazon maybe?
  • Every single day it seems like the future societies described in Shadowrun and Cyberpunk 2020 are that much closer.

  • by ugen (93902) on Friday July 29, 2011 @11:26AM (#36921814)

    If government was doing this - it'd be an outcry of "oh, the privacy". Hackers - "cool stuff".
    I don't like these guys any more than I like the government and don't trust them any further than I could throw them.

    • by mjperson (160131)

      Dude, a couple of hackers built a UAV that silently taps into cell phone conversations...

      "If government was doing this..."

      What on Earth makes you think that the army doesn't have this capability if a couple of guys at DefCon put it together in a few months?

      • by houghi (78078) on Friday July 29, 2011 @11:49AM (#36922118)

        In the US they do not need one. They have direct access to the towers already. In other countries they already have this.

        Remember the specifics that Bin Laden did not use cell phones? The reason this was mentioned was because if he had, they would have been faster in finding him. And how would they have done that? By using what they already have.

        This all from the standard 'news' places, so basically a reading of the press releases.

        So not only do I think they have it, I know they have it and they told us so.

    • Re: (Score:3, Insightful)

      by Gr33nJ3ll0 (1367543)
      If the government was doing this it would be more than one, wouldn't be demoed to the public, and would be abused by the police to stalk ex-girlfriends. I suspect that in these guys' hands it's slightly safer, though all bets are off if News Corp gets their hands on it.
      • Anyone using this type of tech can abuse it, including the freelance hackers out looking for their Lulz. I am sure the US government already has this capability and most likely some pretty fair defensive systems in place that are constantly evolving as more threats and weaknesses are identified. The increase in UAV reliance in military and intelligence ops alone should keep the sigint R&D adequately funded. Does the government use these types of capabilities illegally? I guess that depends on the area
      • by Danse (1026)

        If the government was doing this it would be more than one, wouldn't be demoed to the public, and would be abused by the police to stalk ex-girlfriends. I suspect that in these guys' hands it's slightly safer, though all bets are off if News Corp gets their hands on it.

        Why would the government need it when they can already get all this stuff directly from the telecom companies anyway?

    • by rbrausse (1319883)

      I don't like these guys any more than I like the government and don't trust them any further than I could throw them.

      you have a point here. But you can throw those 2 guys much farther than the ~ 5M people of the executive branch of the US government...

    • by GooberToo (74388)

      +100 Insightful.

    • by Anonymous Coward

      Don't need to, they already have a fiber connected to AT&T's headquarters. http://www.wired.com/threatlevel/2009/10/att-doj-foia/

      Ooh, here is what they are using
      "The (Narus) STA Platform consists of stand-alone traffic analyzers that collect network and customer usage information in real time directly from the message.... These analyzers sit on the message pipe into the ISP (internet service provider) cloud rather than tap into each router or ISP device" (Telecommunications magazine, April 2000). http:/

    • by element-o.p. (939033) on Friday July 29, 2011 @11:41AM (#36921992) Homepage

      I don't like these guys any more than I like the government and don't trust them any further than I could throw them.

      Tassey and Perkins will demonstrate the WASP’s high-flying exploits at next week’s Black Hat Security Conference in Las Vegas...Tassey, a security consultant to Wall Street and the U.S. intelligence community and Perkins, a senior security engineer supporting the U.S. government [emphasis mine]... [suasnews.com]

      In this case, the difference between "hackers" and "the government" appears to be negligible, at best.

    • by Anonymous Coward

      The point isn't that you, an insignificant lemming, should like it. The point is that it is possible, contrary to what everyone has been saying, and that security against such things should be increased. Hacking isn't usually about destruction as much as it's about curiosity. The problem with our society is that when people find a glaring security defect the first response is to hate the person who found it, rather than congratulating them for being a pioneer and honest enough to alert people to the problem

      • by GooberToo (74388)

        The problem here is, the security problems are both well known and well documented for over a decade now. No one doubts they exist. No one claims otherwise. The societal value added here, even to the hacking community, is a negative number.

        Cool factor? Yes. Very cool? Yes. Untrustworthy douche bags? Yes!!!

        • I disagree. The issues are real, but many question the threat posed by them. A few bored hackers building a proof-of-concept in their garage provides undeniable proof that not only is the threat real but it's well within the reach of anyone who cares to try.

    • by sjames (1099)

      There are several reasons for this. The hackers won't be knocking at 3 A.M. to drag you off to gitmo if you should say your new suitcase is "the bomb". The hackers won't be compiling a database of everybody's phonecalls in case they need to prosecute and/or blackmail you later. The hackers will not be trying to dun you with 'targeted ads' based on your remarks to your friend on the phone.

      The hackers are forthcoming and letting us all know about gaping security holes in public announcements. Odds are this ha

    • Your line of thinking should be more along the lines of "if these hackers with next to no money can do this, odds are the government is already doing it, has been doing it for a long time, and simply no one knows about it yet".

  • So will it decrease dropped calls or extend the range? Well either way AT&T can still claim "More bars in more places".
    • LOL neither, it just takes them, and sends them to the blackhole. It just pretends to be a cell tower. Just like visiting www.BankofAmerica.geocities.com Go ahead...give me your information
    • I just put an order for a dozen of those to extend my WiFi network to the beach!

  • A product such as this, even if only used as a proof of concept, is quite dangerous, and I'd like nothing more than to shoot it down with a Stinger, and destroy all the R&D material. I find it interesting that they label this as a black-hat project, with malicious intentions, which it clearly is. They could have had a better public reception if it was pitched as a military tool to enable battlefield communications by the drone claiming to be a cell-phone carrier tower, like a temp cell tower.
    • A product such as this, even if only used as a proof of concept, is quite dangerous, and I'd like nothing more than to shoot it down with a Stinger, and destroy all the R&D material.

      The beauty of it is that a Stinger would probably never hit - no IR signature of note.

      I find it interesting that they label this as a black-hat project, with malicious intentions, which it clearly is. They could have had a better public reception if it was pitched as a military tool to enable battlefield communications by the drone claiming to be a cell-phone carrier tower, like a temp cell tower.

      It's not so much malicious as a way to show that communications are more vulnerable than we realize - and that with some ingenuity people can do some pretty good snooping. If they really were malicious they'd never tell anyone about it - and they seem to be pretty careful about how they go about it to avoid legal or ethical problems as well.

      • by sycodon (149926)

        Seems kinda like shooting you in the chest with a .22 to show how vulnerable you are to lead bullets.

        • Seems kinda like shooting you in the chest with a .22 to show how vulnerable you are to lead bullets.

          No, I'd say it's more like shooting a 22 into a gel target with a cheap ballistic nylon shirt to show how much damage it can do in an effort to educate people who think that they are safe from a 22 bullet because they wear a "ballistic" nylon shirt.

  • Abbreviation seems relevant: W.A.S.P. [wikipedia.org]?

  • I for one welcome our new warflying overlords...

  • If you work in a newspaper all you do is befriend a victim of crime, "donate" one to them out of the goodness of our heart and - wahay! - all your base are belong to us. [msn.com]

  • Dick Cheney is wiping salty tears of joy from his puffy alabaster jowls,
    as janitors for major wireless carriers are busy hefting cinderblocks from the toiletbowls of executive office bathrooms.

    me? i take comfort in knowing as a cavedwelling nerd this might not affect me much. The only wireless I use is dedicated to reheating my pizza, and until proven otherwise my cellular conversations are typically deemed 'uncool' and of very little tactical value.

    unless you too hate the fourth edition of DnD...
  • they got a license to use the GSM spectrum.
  • A lot of people seem to be upset that this hack exists. It's used for evil, after all.

    But that's not the point. Aren't you *glad* that you know this is possible? Now that we are aware this can be done, we can start trying to protect against it. The real crime here would have been for these hackers to see a vulnerability, and ignore it. Then anybody else who found the vulnerability could exploit it without knowledge of it even existing. That's a hundred times more dangerous.

    Kudos to these guys on their brill

    • by TheLink (130905)
      AFAIK companies were already selling equipment for listening in on GSM calls back in the 1990s. This was normally installed at the telco level.

      The thing is such telco equipment in those days was usually very expensive, so it's not likely that some random hacker would be able to afford one for personal use, add the necessary other equipment and run his own "proxying" cellphone station.

      But the TLAs/secret services of many countries were certainly already eavesdropping on GSM calls back then.

      That said, back th
  • Emergency cell tower (Score:5, Interesting)

    by Viadd (173388) on Friday July 29, 2011 @11:50AM (#36922130)

    How often have you heard of people who are lost in the woods/at sea, and who could have called for help if they had cell phone connectivity?

    They could fly one of these as part of a search. Even if the owner isn't actively using the phone, the drone could detect the electronic serial number of each phone in its coverage area and match it against the lost person's phone.

    • +1 Thank you. A positive use for military grade technology.

      • by Thud457 (234763)

        How often have you heard of people who are lost in the woods/at sea, and who could have called for help if they had cell phone connectivity? They could fly one of these as part of a search. Even if the owner isn't actively using the phone, the drone could detect the electronic serial number of each phone in its coverage area and match it against the lost person's phone.

        +1 Thank you. A positive use for military grade technology.

        Sarah Conner disagrees.
        (not quite sure of the correct plural usage here. Sarahs Conner ? Sarah Conners ? But what about Saras ? And O'Conners? Do T-800s implement Soundex? )

    • by gknoy (899301)

      Wow. That's actually really brilliant.

    • by Thail (1124331) on Friday July 29, 2011 @01:18PM (#36923676)
      After Hurricane Katrina, T-Mobile did something very similar. They mounted what is commonly referred to as a COW (Cell on Wheels) onto a helicopter, then flew over the flooded areas. If a cell phone attempted to connect to the tower (Any GSM handset, didn't have to be t-mobile) they were then able to fly around and triangulate the position and find survivors.
  • So how long does it take to go through 340 million words? And wireless networks aren't smart enough to lock you out after 10 failed attempts?
  • by Bengie (1121981)

    I wonder if this attack would work on CDMA. Even though it's a lot more expensive, can it be done? It's a basic MTM attack. Without some sort of public key system, how can we know if we're talking to a legitimate tower?
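
Added example (not part of the thread or of any WASP code) for the question above of how a phone can know it is talking to a legitimate tower: GSM authentication is one-way, so the SIM proves itself to the network but never checks the network, while 3G-style mutual authentication has the network prove knowledge of the shared key first. `Tower`, `Sim` and `phone_attaches` are hypothetical names, HMAC-SHA256 stands in for the operator algorithms, and sequence numbers (replay protection) are left out.

```python
import hashlib
import hmac
import os


def tag(key: bytes, label: bytes, rand: bytes) -> bytes:
    """Keyed tag; HMAC-SHA256 is a stand-in for the operator's real algorithms."""
    return hmac.new(key, label + rand, hashlib.sha256).digest()[:8]


class Tower:
    """A base station. ki=None models a tower that lacks the subscriber key."""

    def __init__(self, ki):
        self.ki = ki

    def challenge(self):
        rand = os.urandom(16)
        # Only a tower backed by the home network can compute a valid token;
        # without the key the best it can do is send a guess.
        key = self.ki if self.ki is not None else os.urandom(16)
        return rand, tag(key, b"net", rand)


class Sim:
    def __init__(self, ki: bytes):
        self.ki = ki

    def respond_one_way(self, rand: bytes) -> bytes:
        # GSM-style: the SIM answers whatever challenge arrives. Nothing in
        # the exchange lets it check who is asking.
        return tag(self.ki, b"sim", rand)

    def respond_mutual(self, rand: bytes, autn: bytes):
        # Mutual style: verify the network's token before answering.
        if not hmac.compare_digest(autn, tag(self.ki, b"net", rand)):
            return None  # tower could not prove it knows Ki: refuse to attach
        return tag(self.ki, b"sim", rand)


def phone_attaches(sim: Sim, tower: Tower, mutual: bool) -> bool:
    """Return True if the phone goes ahead and attaches to this tower."""
    rand, autn = tower.challenge()
    if mutual:
        return sim.respond_mutual(rand, autn) is not None
    return sim.respond_one_way(rand) is not None
```

With one-way authentication the phone attaches to both towers; with the network token checked, it refuses the tower that has no subscriber key. The check rests on a shared symmetric key in the SIM, so it does not require a public key system.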

  • Sadly I've been stuck in telecom the last 10 years. I have to admit I scanned the article, but I missed the part where they connect their 'tower' to the phone company's network. So for argument's sake, let's pretend the mobile registers with the simulated BTS. What magic will connect them to another phone to record a conversation? I suppose they could fake the traffic to get the call connected, oh wait that would require another simulation of an SGSN and multiple protocol message, that I'm having real do

    • by hrimhari (1241292)

      Once the phone accepts the fake BTS, every request can be intercepted, which clearly includes dial-out with target ISDN. Then the other side of the hack only has to repeat the request with whatever connection it has.

      They don't have to bridge it to AT&T or any real cell phone network. It suffices to bridge it to the fixed phone network or use a VOIP access like Skype-out.

      I think the article mentions that the only drawback is the wrong caller-id info, but if memory serves caller-id can be faked on the fix

      • I think the article mentions that the only drawback is the wrong caller-id info, but if memory serves caller-id can be faked on the fixed phone network. I believe it has been ruled illegal, but guess how effective that would be to stop this hack.

        It's trivial for anyone with a VoIP line or ISDN/T1 to send whatever number they want with a call, so if their carrier will accept and pass it along it'll reach the other end without trouble. Some carriers block sending any numbers which are not associated with the customer, but this is uncommon in my experience outside of residential-focused providers.

  • Combine this cracking technology with the Japanese flying sphere (http://slashdot.org/index2.pl?fhfilter=flying+sphere ) for very flexible snooping.
  • I'm sure any number of military and intelligence agencies would be thrilled to give them a pile of money and all the cool toys they could handle.

  • Where are they taking orders, I want to get one..... before they become illegal to purchase.

  • by clanrat (707500)
    Insects have antennae; radios use antennas. Sorry, pet peeve.
