Wireless Infrastructure

07:00 AM
Lee Badman
Lee Badman
Commentary
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Drones: The Next WLAN Menace

In addition to low-tech corporate spying, the remotely piloted aircraft could facilitate attacks on WLANs. The WLAN security industry is starting to respond.

Many of us in the business of WiFi have gotten comfortable with how we secure our networks. We think we know our logical and geographical borders, and have a sense of how vulnerable we are to social engineering and insider threats. But drones have the potential to change all of that.

The increasingly popular remotely piloted aircraft are small, quiet, unexpected, and evolving in what they can do and the havoc they can enable against networks. The growing threat drones pose to WLAN users and administrators has prompted the WLAN security industry to build drone-specific threat awareness into its technologies.

First, though, let's look at the threat drones pose to businesses. Forget about packets and malicious logic for a moment, as low-tech attacks are often the most harmful. Among the current favorite hobbyist drones on the market is the Parrot AR.Drone, which runs about $300 and has pretty impressive front and bottom-facing cameras on board. The AR.Drone was made for in-flight photographic and video capture, and has been the ire of a growing number of people who have been spied on by this sort of drone hovering outside their windows.

What if that window belongs to the network administrator’s or CIO’s office? By taking pictures of what’s on the computer screen to yellow sticky notes on the wall, drones can be used to harvest a treasure trove of organizational secrets.

Drones also might facilitate more sophisticated network-related attacks. As a transport mechanism for worrisome payloads that can either be used while airborne or parked on a nearby ledge for hours, drones are getting more attention in the hacker community. Drones such as the DGI Phantom can easily carry lightweight but powerful hacking platforms like WiFi Pineapple and Raspberry Pi, packaged with an external battery pack and cellular connection, for powerful eavesdropping and man-in-the-middle attacks.

As a WiFi Pineapple owner, I’m well versed in the use of these wonderful/terrible little boxes for attacks like Karma, SSL-Strip, and many others. Without drones, someone using the tool would have to get in range of a target, either by getting in close or using high-gain antennas. With drones, an attacker's nefarious influence expands exponentially.

As worrisome as all of this sounds, those of us in the business WLAN world aren’t completely defenseless. If you live in a particularly rainy or windy area, Mother Nature herself is on your side in keeping drones grounded.

For the rest of us, WLAN security products are beginning to provide protection. Fluke Networks has released the first drone detection signature as an update to its AirMagnet Enterprise wireless IDS/IPS product.  While this is the first formal anti-drone technology made available to WLAN customers, it’s likely just the start as drones become attached to more verified network attacks.

The new AirMagnet signature alerts customers to a few different drone-specific signals. Because drones like the AR Parrot are controlled via an ad hoc network from a smartphone app, AirMagnet can detect the command-and- control signaling in use. The signature also can detect video transmission streams. Once alerted, the network administrator can either attempt to locate the drone and its operator, or take RF or WLAN system-level countermeasures depending on the capabilities afforded by the WLAN being attacked.

Right now, AirMagnet’s detection is limited to the Parrot AR.Drone line, but it stands to reason that the ability to detect others will come.

While the current state of drone usage hardly equals an invasion, it may be time to take a hard look at your wireless intrusion protection strategy. You also may want to start looking up occasionally.

In addition to a freelance writing career, Lee Badman works for Syracuse University as a Network Architect and frequent Adjunct Instructor. Also a 10-year US Air Force veteran, Lee's technical experience spans 25+ years -- but he pays close attention to what comes next. View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
aditshar1
50%
50%
aditshar1,
User Rank: Ninja
7/23/2014 | 12:55:22 PM
Re: Exotic WLAN attack and fit for signature based approach
I believe value of the drone itself is challenge,  I am not sure what these things cost but yes this may lead to higher cost of post as well and also i may not sound wrong if i say that in most cases delivery cost will be higher than value of the item being delivered.
MarciaNWC
50%
50%
MarciaNWC,
User Rank: Strategist
7/22/2014 | 5:23:10 PM
Re: Exotic WLAN attack and fit for signature based approach
I think you're right Brian, security providers will tune the defense to how the threat develops.
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Ninja
7/22/2014 | 4:48:18 PM
Re: Exotic WLAN attack and fit for signature based approach
@Marcia, good point, I have heard of using acoustic signatures to detect drones. I guess, as the threat for businesses becomes higher, a security provider will combine acoustic signatures and command and control signaling to create higher detection capabilities.
Brian.Dean
50%
50%
Brian.Dean,
User Rank: Ninja
7/22/2014 | 4:37:50 PM
Re: Exotic WLAN attack and fit for signature based approach
Agreed as security is an important consideration and should never be taken lightly. AirMagnet is doing a good job by creating a solution for detection and alerts, once a positive detection has been made, it would be nice if the system included a set of countermeasures to make the network administrator's point of defense stronger. 
MarciaNWC
50%
50%
MarciaNWC,
User Rank: Strategist
7/22/2014 | 11:36:21 AM
Re: Exotic WLAN attack and fit for signature based approach
I agree Lee, it's about raising awareness at this point. Signature-based detection has its problems, but at least it's a way to get a sense of the threat.
lbadman132
50%
50%
lbadman132,
User Rank: Ninja
7/22/2014 | 9:48:47 AM
Re: Exotic WLAN attack and fit for signature based approach
I don't disagree that the drone component is a bit exotic, and that there are bound to be false positives. At the same time, raising awareness of what is a legitimate and technically viable way of getting known attack mechanisms closer to the target is a good thing. People shouldn't approach this with a Chicken Little mentality, nor should they pretend there is no threat.
CHemantC
50%
50%
CHemantC,
User Rank: Apprentice
7/22/2014 | 9:10:31 AM
Exotic WLAN attack and fit for signature based approach
Attack scenario is exhotic, what remains to be seen is fit for signature based security. If drones become commonplace like Amazon drones and other drones, signatures can create deluge of alarms and false alarms. We have seen this in the history of wireless IDS. When SEARS started carrying WLAN AP in their delivery van, some systems added alert "SEARS van detected". This will go off every time van passed by. There are alternative ways to wireless security than signatures.
<<   <   Page 2 / 2
Slideshows
Cartoon
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Twitter Feed