SkyNET: Using Drones to Compromise Wireless Networks

SkyNET: Using Drones to Compromise Wireless Networks
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

TecNews: “Stevens Institute of Technology professor Sven Dietrich demonstrated SkyNet, a remote-controlled aerial vehicle that can automatically detect and compromise wireless networks, at the recent USENIX security conference. Dietrich showed how such drones could be used to create an inexpensive, airborne botnet controller. SkyNet consists of a toy helicopter and a lightweight computer equipped with wireless reconnaissance and attack software. The researchers control the drone with a 3G modem and two cameras attached to the device. “[Our] drone can land close to the target and sit there–and if it has solar power, it can recharge–and continue to attack all the networks around it,” Dietrich says. SkyNet also can be used to create and control a botnet, creating a weak spot in a wireless network, known as an air gap, to prevent investigators from identifying where the attack originated. At the recent Black Hat Security Briefings, security consultant Richard Perkins presented the Wireless Aerial Surveillance Platform, a repurposed Army target drone that can scan for and compromise wireless networks. “We could identify a target by his cell phone and follow them home and then focus on attacking their less secure home network,” Perkins says.”

Article: “… The SkyNET drone’s initial task is to survey local wire- less networks in the area of interest. Information about the composition of local networks is gathered: BSSID, SSID, encryption type, channel, MAC address(es) of as- sociated clients. Capturing handshakes and data across all channels at this point is not feasible as our monitor- ing wireless card has to rapidly cycle through channels to gather the access point and client association informa- tion efficiently. An attacker should structure channel se- lection based upon individual channels wireless network composition. This could be done through weighted met- rics, including composition of encryption types, num- ber of clients per network, and signal strength, allow- ing for more effective use of flight time. As open net- works require no data collection or cracking to connect we can say that these are the easiest targets. It should be noted that wireless hotspots, although often open net- works, may not provide loyal clients and may be ineffec- tive for exploitation. Once SkyNET has determined the wireless network(s) to attack, it must crack encryption of the various wireless networks it wishes to access. ”

 

More: Link to the original Article – https://db.usenix.org/events/woot11/tech/final_files/Reed.pdf

Source: http://technews.acm.org