Thursday, August 19, 2010

UAV Drone Sniffs WiFi in the Sky

By: Stephen Geldersma, Digital Designs LLC


WASP - (Wi-Fi Areal Surveillance Platform) is a fully functional Unmanned Aerial Vehicle (UAV) for information gathering with penetration testing capabilities via Wi-Fi. It is a product of two guys interested in computer security with some time on their hands that started back in October 2009.
Equipment/Specs:
The airframe is a US Army target practice drone acquired from an army surplus store. The UAV's avionics are controlled by A DIY Drones' "ArduPilot" (based on the popular Arduino) with some custom additional code tweaking and enhancements. Surveillance capabilities are possible with an onboard Via Epia Pico ITX PC with a Via C7 500 MHz CPU with 1 GB RAM, running the Backtrack 4 suite.


Communication:
In addition to Wi-Fi network features it also has Bluetooth, Cellular, and imaging capabilities. The UAV communicates via Secure Shell over PPP tunnel and is able to have multiple people log in at once for looking at Wi-Fi, 3G and the on-board camera. A 1-watt Alpha Wi-Fi card with a belly mounted 9dbi patch panel antenna pointed down giving 60 degree cone arch of coverage on the ground (400 feet altitude gives about 1000 sq feet of coverage). Telemetry data is communicated with a ground station (1 GHz Via Pico ITX PC with 1 GB of RAM) for real-time tracking, payload interaction, flight operations, and data download (communicates 900MHZ RF or Edge/3G with onboard internet connectivity).

Flight:
Besides the manual takeoff and land, the preprogrammed set of GPS coordinates plotted with Google Earth allow it to fly in a predetermined pattern while collecting data, and then returns to base. The UAV’s course is able to be interrupted and cause it to "loiter" in a circle around an interesting target, allowing the developers more time to investigate and gather more information.
The UAV is said to need some minor tweaks to center gravity. The airframe is modeled after the Russian Cold War MiG design. "It goes very fast or falls out of the sky" said one of the developers. They are constantly on a balancing act at the moment and are looking to get it much more stable in the near future. Hak5 gave an interview at Defcon18 with the developers - Mike and Rich, who said they once took "20-25G direct impact to the nose of the airframe while full throttle and were able to repair the airframe in about an hour - half of which was waiting for the 30-min epoxy to dry".


In the end the WASP comes to about 13 pounds, 76 inches in length, and a wingspan of 67 inches.

Flight time: 30-45 minutes | Max altitude: 22,000 feet.

Their Next Step/Future:
The developers wish to integrate a USRP with OpenBTS for GSM network cracking capabilities. Pending that a USRP would fit or if they moved on to a larger airframe to handle the additional size and weight.

More information:
Rabbit-hole.org – build blog, pictures, spec sheet of features


Links:
(from the guys at Rabbit-hole.org provided to help make your own UAV Drone)
http://www.DIYDrones.com (ArduPilot and accessories)
http://www.horizonhobby.com/ (R/C parts servos, motor, reciever & radios, etc)
http://www.via.com.tw/en/initiatives/spearhead/pico-itx/ (payload & ground station control computers)
http://www.sparkfun.com/commerce/categories.php (Xbee radios + misc electronics) 
http://www.backtrack-linux.org/ (payload computer OS)

Disclaimer: 
Understand that operation of this type of vehicle is dangerous and prone to accidents, operation of such a vehicle might violate laws in your area. The WASP is a proof of concept vehicle flown under controlled conditions with supervision of trained personnel, please do not attempt to fly any remote control or autonomous UAV over populated areas as this is dangerous and could result in serious injury or property damage. We are very serious about this. Fly only in approved airspace and within line of sight. Contact your local authorities if you wish to know the laws governing the operation of these type of vehicles in your area prior to flying. This information is for informational use only, use at your own risk - (Rabbit-hole.org)

Final Thoughts:
It's almost scary to imagine the ability to crack into GSM cellular networks from the sky. I will explain more on GSM cracking in a future blog post. However, I really like their goal of building this UAV drone without breaking the bank too much, using already existing equipment as much as possible, open-source software, and wanting people to be able to follow their footsteps without having to basically have a PhD in electrical or aeronautical engineering. These are two guys that definitely pulled their talents together while empowered by their common interest in computer security.


-Stephen Geldersma, Digital Designs LLC


Sources: 
Rabbit-hole.org
Hak5.org


Last Updated: 08/19/2010 20:15 ET

*Posting is provided "AS IS" with no warranties, and confers no rights.*
Posted by DigitalDesigns at 8:12 PM
Labels: , , , , , ,

No comments:

Post a Comment

Thank you for your contribution. Your post will be published shortly after it is filtered for any inappropriate material. Please do not use ALL CAPS, flame, use inappropriate material/references in your post or they may not be published.

Subscribe to: Post Comments (Atom)