The Wireless Aerial Surveillance Platform, or WASP.
The Black Hat Security Conference and DEFCON bring together the world’s professional hackers, security researchers, goverment representatives, journalists, and just about anyone who thinks of themselves as a hacker. They listen to talks about security, show off the latest novel hacks, and generally share information about the state of computer security.
Every year there’s a highlight to the conferences, and this year it looks like that highlight may be a flying drone, or unmanned aerial vehicle (UAV). This drone is called the Wireless Aerial Surveillance Platform, or WASP. It’s an ex-U.S. Army spy drone measuirng over 6-feet in length and wingspan that has been modified to make it more useful for hackers in our built-up, communication-heavy urban environments…
If you happen to see this yellow drone flying above your neighborhood you’d be right to be concerned. WASP is equipped with the tools to crack Wi-Fi network passwords made possible by an on-board VIA EPIA Pico-ITX PC running BackTrack Linux equipped with 32GB of storage to record information. BackTrack offers a full suite of digital forensics and penetration testing tools making it a good fit for this setup.
WASP can also act as a GSM network antenna meaning it will be able to eavesdrop on calls/text messages made over that network by any phone deciding to connect through it.
While such a drone may violate a few flying laws, it doesn’t break any FCC regulations as it uses the HAM radio frequency band or a 3G connection for communication. As to the reason for building it, creators Mike Tassey and Richard Perkins just wanted to prove there is a vulnerability that can easily be taken advantage of with a UAV such as this.
WASP is an open source platform using Arduino that Tassey will discuss how to build at DEFCON-19 next week.
The main take-away from the WASP project is that this is just two guys building a UAV in their spare time that can easily collect data from Wi-Fi and GSM networks with little input from the operator. There’s even instructions available to create your own. That makes it more than worthy of a talk at DEFCON, but also worth the time of network operators to see how they could counteract such a system from ever being used successfully.