
View Full Version : DIY Spy drone cracks Wi-Fi networks and cell data



KC9ECI
08-02-2011, 04:22 PM
http://www.ubergizmo.com/2011/08/spy-drone-cracks-wi-fi-networks-and-cell-data/


Who would have thought that with some technical know how and an interest in DIY projects, this particular duo of an airplane hobby shop owners as well as an ex-Air Force official managed to conjure a flying drone which is smart enough to crack into Wi-Fi and cell phones. Mike Tassey and Richard Perkins, the dynamic duo, are the brains and hands behind the Wireless Aerial Surveillance Platform (WASP for short) – a flying drone which sports a 6-foot wingspan, a 6-foot length and tipping the scale at 14 pounds.

KG4CGC
08-02-2011, 04:31 PM
How long before LEOs can get their hands on it?

KC9ECI
08-02-2011, 05:59 PM
Next week Tuesday on Amazon.

VE7MGF
08-02-2011, 06:58 PM
Didn't Google do this first?

KC9ECI
08-02-2011, 07:49 PM
Yeah, but they used a manned ground based platform.

n2ize
08-07-2011, 05:07 AM
Why even bother with a drone just for capturing signals? Just use a tethered balloon. And they still have to decrypt. You can capture Wi-Fi right now on foot or in a car.

kb2vxa
08-07-2011, 08:15 AM
You missed something, it was designed to Murdoch specs and used for "intelligence gathering" missions... illegally of course. Hey, just Google "spy drone" and see what it comes up with...

n2ize
08-08-2011, 03:05 AM
I understand about spy drones. There are ready made commercial ones that come at a high price, and there are less expensive homebrew systems using anything from radio controlled planes, helicopters, and quadcopters. Matter of fact I've met a couple of people who have experimented with video cameras, and even infrared on their planes, helicopters, etc.

But it still doesn't seem to make much sense to use a drone for doing things like cell phone and wifi interception that can just as easily be done from the ground. I have a couple of reasons for feeling like this.

1) It is illegal and dangerous to fly drones over populated areas. Unless your target is in a sparsely populated area and close to a field where you can launch your drone and monitor its flight from the ground it won't be of much use and can land you in a heap of trouble. A relatively small rc plane or helicopter capable of carrying enough equipment can easily kill or maim a person if it were to go out of control

2) If you cannot control it via line of sight then you need either FPV or radar guidance to fly it beyond your line of sight. This starts to become quite expensive and again, quite illegal, esp over populated areas. There are permits that can be acquired but they are rather hard to get.

3) Both electric and gas powered flight is high in energy consumption. Thus air time is short unless the drone is very well designed from the ground up for long sustained flights.

4) Night time or bad weather ... well need I say more ?

It sounds like a lot of trouble to go through to intercept or jam wifi or cell phones when the same thing can be done more reliably and more cheaply from the ground. I can see them having great value for remote aerial surveillance via remote on board camera.

KK4AMI
08-08-2011, 10:40 AM
"But it still doesn't seem to make much sense to use a drone for doing things like cell phone and wifi interception that can just as easily be done from the ground. I have a couple of reasons for feeling like this."

It would make sense in a war zone, where you cannot be on the ground. I guess maybe in a neighborhood where you don't fit in.

"1) It is illegal and dangerous to fly drones over populated areas. Unless your target is in a sparsely populated area and close to a field where you can launch your drone and monitor its flight from the ground it won't be of much use and can land you in a heap of trouble. A relatively small rc plane or helicopter capable of carrying enough equipment can easily kill or maim a person if it were to go out of control."

Smaller systems can be hand launched and parachute or wire recovered from the top of any building. We demonstrated this to the NYPD. With a video camera to do first person flight, we could direct an R/C aircraft with a 1 lb block of "Clay" into a two foot by two foot window. Small electric or gas engine powered air vehicles hardly ever get noticed compared to stationary balloons.

"2) If you cannot control it via line of sight then you need either FPV or radar guidance to fly it beyond your line of sight. This starts to become quite expensive and again, quite illegal, esp over populated areas. There are permits that can be acquired but they are rather hard to get."

The one in the story is GPS guided. You preload the surveillance flight path and altitude into the flight computer, then send it on its way.

"3) Both electric and gas powered flight is high in energy consumption. Thus air time is short unless the drone is very well designed from the ground up for long sustained flights."

A 20 mile race track is possible. Opportunities to collect lots of Wifi locations and passwords.

"4) Night time or bad weather ... well need I say more ?"

Night time is no issue for a GPS guided drone, bad weather, well even the USAF stays home.


"It sounds like a lot of trouble to go through to intercept or jam wifi or cell phones when the same thing can be done more reliably and more cheaply from the ground. I can see them are having great value for remote aerial surveillance via remote on board camera."

You can't cover the same area as an aircraft moving at 50 mph. Wifi ranges are limited. To spoof cell phones by pretending to be a cell phone tower, you really need to get between the user and the tower to capture the signal. It's also easier to fly over the target and collect GPS coordinates, than to try and triangulate using multiple balloons and/or ground vehicles. The amazing part of that aircraft is the Computer with a 340 million word vocabulary. It breaks the password protected Wifi sites!

n2ize
08-08-2011, 01:26 PM
"But it still doesn't seem to make much sense to use a drone for doing things like cell phone and wifi interception that can just as easily be done from the ground. I have a couple of reasons for feeling like this."

It would make sense in a war zone, where you cannot be on the ground. I guess maybe in a neighborhood where you don't fit in.

Right, maybe. But I am talking about non-military apps.


"1) It is illegal and dangerous to fly drones over populated areas. Unless your target is in a sparsely populated area and close to a field where you can launch your drone and monitor its flight from the ground it won't be of much use and can land you in a heap of trouble. A relatively small rc plane or helicopter capable of carrying enough equipment can easily kill or maim a person if it were to go out of control."

Smaller systems can be hand launched and parachute or wire recovered from the top of any building. We demonstrated this to the NYPD. With a video camera to do first person flight, we could direct an R/C aircraft with a 1 lb block of "Clay" into a two foot by two foot window.

With my smaller helicopters I can fit in through a smaller window. Nothing special here. Also, if there is any appreciable wind all bets are off.



Small electric or gas engine powered air vehicles hardly ever get noticed compared to stationary balloons.

probably not, but they are still quite noticeable once they start operating at low altitudes in close proximity to people. Electrics are quiet but as they get closer they are easily heard and draw attention.

Also, How small is small ? A 350 sized electric helicopter can inflict some nasty injury if it smacks someone head on. A 450-500 can kill a person. Quadcopters are somewhat safer. But any rc aircraft that can lift a few pounds of equipment can only be so small and only be so safe in a crowded area.



"2) If you cannot control it via line of sight then you need either FPV or radar guidance to fly it beyond your line of sight. This starts to become quite expensive and again, quite illegal, esp over populated areas. There are permits that can be acquired but they are rather hard to get."

The one in the story is GPS guided. You preload the surveillance flight path and altitude into the flight computer, then send it on its way.

Yeah, that's all well and good. But still, dangerous in a populated area. Esp without someone in control to compensate for the unexpected. Also illegal unless you are fortunate enough to have the proper permits which are not just issued to anyone.


"3) Both electric and gas powered flight is high in energy consumption. Thus air time is short unless the drone is very well designed from the ground up for long sustained flights."

A 20 mile race track is possible. Opportunities to collect lots of Wifi locations and passwords.

If you need to get into the air to collect vast numbers of wifi locations and passwords you are either doing something illegal or, are a part of some spy program that is probably funded well enough to have access to full sized aircraft and/or a large budget for remote controlled gadgets. And even in the former case, most urban areas are chock full of wifi signals and you can collect thousands of locations from the ground. But in most cases the cops know who they are targeting and can monitor that person's wifi or cell phone from the ground. No need to intercept everyone's signals throughout an entire city. Furthermore it's easily thwarted by not using wifi or a cell or cordless phone. Anyone who is doing something illegal and puts it out over a wifi or a cell phone is an idiot and deserves to get caught for being stupid.



"4) Night time or bad weather ... well need I say more ?"

Night time is no issue for a GPS guided drone, bad weather, well even the USAF stays home.

True but then again, the need to send a drone up at night to spoof cellphones and collect wifi data for any legitimate purpose is rare. Generally if law enforcement is targeting a particular individual or location they can intercept signals from the ground. No need to collect thousands of wifi signals.




The amazing part of that aircraft is the Computer with a 340 million word vocabulary. It breaks the password protected Wifi sites!

Not too amazing. it sounds like nothing more than a brute force plain-text dictionary attack. easily thwarted by using random passwords of adequate length and/or a strong encryption method.

NQ6U
08-08-2011, 02:01 PM
Not too amazing. it sounds like nothing more than a brute force plain-text dictionary attack. easily thwarted by using random passwords of adequate length and/or a strong encryption method.

Exactly, John. When it becomes possible to fit a computer that can crack WPA2 encryption in less than the lifespan of the average human into a drone, then we'll have something to worry about. As it is now, even a 340 million word vocabulary would be useless against my WiFi security.

KG4CGC
08-08-2011, 02:09 PM
Please cite this.↓


Right, maybe. But I am talking about non-military apps.

"1) It is illegal and dangerous to fly drones over populated areas. Unless your target is in a sparsely populated area and close to a field where you can launch your drone and monitor its flight from the ground it won't be of much use and can land you in a heap of trouble. A relatively small rc plane or helicopter capable of carrying enough equipment can easily kill or maim a person if it were to go out of control."



With my smaller helicopters I can fit in through a smaller window. Nothing special here. Also, if there is any appreciable wind all bets are off.



probably not, but they are still quite noticeable once they start operating at low altitudes in close proximity to people. Electrics are quiet but as they get closer they are easily heard and draw attention.

Also, How small is small ? A 350 sized electric helicopter can inflict some nasty injury if it smacks someone head on. A 450-500 can kill a person. Quadcopters are somewhat safer. But any rc aircraft that can lift a few pounds of equipment can only be so small and only be so safe in a crowded area.




Yeah, that's all well and good. But still, dangerous in a populated area. Esp without someone in control to compensate for the unexpected. Also illegal unless you are fortunate enough to have the proper permits which are not just issued to anyone.



If you need to get into the air to collect vast numbers of wifi locations and passwords you are either doing something illegal or, are a part of some spy program that is probably funded well enough to have access to full sized aircraft and/or a large budget for remote controlled gadgets. And even in the former case, most urban areas are chock full of wifi signals and you can collect thousands of locations from the ground. But in most cases the cops know who they are targeting and can monitor that person's wifi or cell phone from the ground. No need to intercept everyone's signals throughout an entire city. Furthermore it's easily thwarted by not using wifi or a cell or cordless phone. Anyone who is doing something illegal and puts it out over a wifi or a cell phone is an idiot and deserves to get caught for being stupid.



True but then again, the need to send a drone up at night to spoof cellphones and collect wifi data for any legitimate purpose is rare. Generally if law enforcement is targeting a particular individual or location they can intercept signals from the ground. No need to collect thousands of wifi signals.




Not too amazing. it sounds like nothing more than a brute force plain-text dictionary attack. easily thwarted by using random passwords of adequate length and/or a strong encryption method.

n2ize
08-09-2011, 10:15 AM
Exactly, John. When it becomes possible to fit a computer that can crack WPA2 encryption in less than the lifespan of the average human into a drone, then we'll have something to worry about. As it is now, even a 340 million word vocabulary would be useless against my WiFi security.

When that day comes it will also be a day of great interest to people in my field of interest and/or to computer engineers the world over. For that will be the day that we have either discovered a simple and quick means of factoring enormous numbers or else developed an ultra powerful supercomputer the likes of which we cannot build today.

I think where the problem comes in is that many people leave themselves wide open and vulnerable to attacks. Either they run their networks fully open with no authentication or encryption or, they use WEP in combination with some weak password that is easily "guessed".

KC2UGV
08-09-2011, 10:27 AM
When that day comes it will also be a day of great interest to people in my field of interest and/or to computer engineers the world over. For that will be the day that we have either discovered a simple and quick means of factoring enormous numbers or else developed an ultra powerful supercomputer the likes of which we cannot build today.

I think where the problem comes in is that many people leave themselves wide open and vulnerable to attacks. Either they run their networks fully open with no authentication or encryption or, they use WEP in combination with some weak password that is easily "guessed".

http://www.shawnhogan.com/2006/08/how-to-crack-128-bit-wireless-networks.html

Um...

n2ize
08-09-2011, 10:51 AM
http://www.shawnhogan.com/2006/08/how-to-crack-128-bit-wireless-networks.html

Um...

It shows that the strongest network is only as strong as the passwords being used. I generally try to use random character strings instead of words. Harder to remember but harder for wordlist attackers.

KC2UGV
08-09-2011, 10:53 AM
It shows that the strongest network is only as strong as the passwords being used. I generally try to use random character strings instead of words. Harder to remember but harder for wordlist attackers.

Use RADIUS...

n2ize
08-09-2011, 11:09 AM
Use RADIUS...

I would like a more detailed description of the underlying theory. Theoretically, using 128 bits there are 2^128 = 3.40x10^38 possible keys... an extremely huge number to brute-force your way through even with the fastest computers.

So, what I don't understand is

1) Is he using a brute force attack and somehow getting very lucky ?
2) Is he exploiting a weakness in the algorithm itself ?
3) Is he simply doing a word list attack against the plaintext password.
4) I am missing something obvious.

From what I gather it seems to be the case 3. Somebody uses "Jane" (or something equally simple) as their password and within a very short time the computer guesses... "J a n e" and voilà.

KC2UGV
08-09-2011, 12:20 PM
I would like a more detailed description of the underlying theory. Theoretically, using 128 bits there are 2^128 = 3.40x10^38 possible keys... an extremely huge number to brute-force your way through even with the fastest computers.

So, what I don't understand is

1) Is he using a brute force attack and somehow getting very lucky ?
2) Is he exploiting a weakness in the algorithm itself ?
3) Is he simply doing a word list attack against the plaintext password.
4) I am missing something obvious.

From what I gather it seems to be the case 3. Somebody uses "Jane" (or something equally simple) as their password and within a very short time the computer guesses... "J a n e" and voilà.

Rainbow tables: Pre-computed hashes of passphrases.

n2ize
08-09-2011, 01:10 PM
Rainbow tables: Pre-computed hashes of passphrases.

Okay, so it is still based on a "wordlist" (more or less) but the hashes are precomputed making the process faster (less computation). It still seems to me that a sufficiently random passphrase of sufficient length would make this hack difficult.

KC2UGV
08-09-2011, 01:16 PM
Okay, so it is still based on a "wordlist" (more or less) but the hashes are precomputed making the process faster. It still seems to me that a sufficiently random passphrase of sufficient length would make this hack difficult.

Depends on the rainbow table. There are some out there that are a couple of gigs in size, with precomputed hashes for everything from A to AAAAAAAAAAAAAAAAAAAA

n2ize
08-09-2011, 01:48 PM
Depends on the rainbow table. There are some out there that are a couple of gigs in size, with precomputed hashes for everything from A to AAAAAAAAAAAAAAAAAAAA

On average how fast can they blaze through one of those really huge lists to crack a very random passphrase ?

I guess if you have something you really need to keep secure use pencil and paper and keep it under lock and key.

KC2UGV
08-09-2011, 01:51 PM
On average how fast can they blaze through one of those really huge lists to crack a very random passphrase ?

I guess if you have something you really need to keep secure use pencil and paper and keep it under lock and key.

To get through a 128-bit key, average of 10 minutes.

If you need a wireless network to be secure, use RADIUS :)

n2ize
08-09-2011, 04:23 PM
To get through a 128-bit key, average of 10 minutes.

If you need a wireless network to be secure, use RADIUS :)

Okay, I was getting very confused because I was thinking in terms of cracking (by brute force) the entire 128 bit key space (which would be monumental and require enormous storage) and not thinking of the hash functions and the fact that they are non-injective mappings. Combined with the enormous size (cardinality) of the pure 128 bit key space i.e. 2^128 is quite significant...(i.e. collisions). Much shorter to use a set of possible hashes based on a given character set, i.e. the typical keyboard.

I'll take a look at RADIUS. I like to try and keep it secure.
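
Added example, not part of the original thread: the wordlist-versus-random-passphrase argument above put into numbers, using the WPA2-Personal key derivation (PBKDF2-HMAC-SHA1 salted with the SSID), which is why a precomputed table is only valid for one network name. The guess rate, the SSIDs, the sample passphrase and the 94-symbol alphabet are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets
import string

DICTIONARY_WORDS = 340_000_000    # wordlist size quoted in the thread
ASSUMED_GUESSES_PER_SEC = 1_000   # assumed rate for illustration, not a measurement
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-Personal key: PBKDF2-HMAC-SHA1,
    salted with the SSID, 4096 iterations."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def wordlist_bits(words: int = DICTIONARY_WORDS) -> float:
    """Best-case strength of a passphrase that appears in a wordlist."""
    return math.log2(words)


def random_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Strength of a passphrase drawn uniformly at random from the alphabet."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, rate: float = ASSUMED_GUESSES_PER_SEC) -> float:
    """Time to try every candidate at the assumed guess rate."""
    return 2 ** bits / rate / SECONDS_PER_YEAR


def new_passphrase(length: int = 20) -> str:
    """Generate a random passphrase with the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def min_random_length(target_bits: float = 128) -> int:
    """Shortest random passphrase reaching target_bits of strength."""
    return math.ceil(target_bits / math.log2(len(ALPHABET)))


if __name__ == "__main__":
    # Constructed sample values: the SSIDs and passphrase are made up.
    same = "correct horse battery staple"
    print("PSK on HomeNet-A:", wpa2_psk(same, "HomeNet-A").hex())
    print("PSK on HomeNet-B:", wpa2_psk(same, "HomeNet-B").hex())
    print(f"wordlist entry : {wordlist_bits():5.1f} bits, "
          f"{years_to_exhaust(wordlist_bits()):.3f} years to exhaust")
    for n in (8, 12, min_random_length()):
        print(f"random {n:2d} chars: {random_bits(n):5.1f} bits, "
              f"{years_to_exhaust(random_bits(n)):.2e} years to exhaust")
    print("example passphrase:", new_passphrase())
```

The same passphrase yields unrelated keys on the two SSIDs, and a four-character password such as the thread's "Jane" is rejected outright because WPA2 passphrases have an 8-character minimum.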