• 07/22/2014
    7:00 AM
  • Rating: 
    0 votes
    Vote up!
    Vote down!

Drones: The Next WLAN Menace

In addition to low-tech corporate spying, the remotely piloted aircraft could facilitate attacks on WLANs. The WLAN security industry is starting to respond.

Many of us in the business of WiFi have gotten comfortable with how we secure our networks. We think we know our logical and geographical borders, and have a sense of how vulnerable we are to social engineering and insider threats. But drones have the potential to change all of that.

The increasingly popular remotely piloted aircraft are small, quiet, unexpected, and evolving in what they can do and the havoc they can enable against networks. The growing threat drones pose to WLAN users and administrators has prompted the WLAN security industry to build drone-specific threat awareness into its technologies.

First, though, let's look at the threat drones pose to businesses. Forget about packets and malicious logic for a moment, as low-tech attacks are often the most harmful. Among the current favorite hobbyist drones on the market is the Parrot AR.Drone, which runs about $300 and has pretty impressive front and bottom-facing cameras on board. The AR.Drone was made for in-flight photographic and video capture, and has been the ire of a growing number of people who have been spied on by this sort of drone hovering outside their windows.

What if that window belongs to the network administrator’s or CIO’s office? By taking pictures of what’s on the computer screen to yellow sticky notes on the wall, drones can be used to harvest a treasure trove of organizational secrets.

Drones also might facilitate more sophisticated network-related attacks. As a transport mechanism for worrisome payloads that can either be used while airborne or parked on a nearby ledge for hours, drones are getting more attention in the hacker community. Drones such as the DGI Phantom can easily carry lightweight but powerful hacking platforms like WiFi Pineapple and Raspberry Pi, packaged with an external battery pack and cellular connection, for powerful eavesdropping and man-in-the-middle attacks.

As a WiFi Pineapple owner, I’m well versed in the use of these wonderful/terrible little boxes for attacks like Karma, SSL-Strip, and many others. Without drones, someone using the tool would have to get in range of a target, either by getting in close or using high-gain antennas. With drones, an attacker's nefarious influence expands exponentially.

As worrisome as all of this sounds, those of us in the business WLAN world aren’t completely defenseless. If you live in a particularly rainy or windy area, Mother Nature herself is on your side in keeping drones grounded.

For the rest of us, WLAN security products are beginning to provide protection. Fluke Networks has released the first drone detection signature as an update to its AirMagnet Enterprise wireless IDS/IPS product.  While this is the first formal anti-drone technology made available to WLAN customers, it’s likely just the start as drones become attached to more verified network attacks.

The new AirMagnet signature alerts customers to a few different drone-specific signals. Because drones like the AR Parrot are controlled via an ad hoc network from a smartphone app, AirMagnet can detect the command-and- control signaling in use. The signature also can detect video transmission streams. Once alerted, the network administrator can either attempt to locate the drone and its operator, or take RF or WLAN system-level countermeasures depending on the capabilities afforded by the WLAN being attacked.

Right now, AirMagnet’s detection is limited to the Parrot AR.Drone line, but it stands to reason that the ability to detect others will come.

While the current state of drone usage hardly equals an invasion, it may be time to take a hard look at your wireless intrusion protection strategy. You also may want to start looking up occasionally.


Exotic WLAN attack and fit for signature based approach

Attack scenario is exhotic, what remains to be seen is fit for signature based security. If drones become commonplace like Amazon drones and other drones, signatures can create deluge of alarms and false alarms. We have seen this in the history of wireless IDS. When SEARS started carrying WLAN AP in their delivery van, some systems added alert "SEARS van detected". This will go off every time van passed by. There are alternative ways to wireless security than signatures.

Re: Exotic WLAN attack and fit for signature based approach

I don't disagree that the drone component is a bit exotic, and that there are bound to be false positives. At the same time, raising awareness of what is a legitimate and technically viable way of getting known attack mechanisms closer to the target is a good thing. People shouldn't approach this with a Chicken Little mentality, nor should they pretend there is no threat.

Re: Exotic WLAN attack and fit for signature based approach

I agree Lee, it's about raising awareness at this point. Signature-based detection has its problems, but at least it's a way to get a sense of the threat.

Re: Exotic WLAN attack and fit for signature based approach

@Marcia, good point, I have heard of using acoustic signatures to detect drones. I guess, as the threat for businesses becomes higher, a security provider will combine acoustic signatures and command and control signaling to create higher detection capabilities.

Re: Exotic WLAN attack and fit for signature based approach

I think you're right Brian, security providers will tune the defense to how the threat develops.

Re: Exotic WLAN attack and fit for signature based approach

I believe value of the drone itself is challenge,  I am not sure what these things cost but yes this may lead to higher cost of post as well and also i may not sound wrong if i say that in most cases delivery cost will be higher than value of the item being delivered.

Re: Exotic WLAN attack and fit for signature based approach

Drone delivery technology is in its infancy at the moment, the Parrot AR.Drone costs $300 and with the standard battery pack it can remain airborne for around 12-minutes. Extended batteries are available that can take flight time to around 20-minutes at a time. Overall, it gives it a range of around 1 km, having a payload in the form of pizza delivery will shorten its range.

Algorithms would need to be developed for deliver drones to automatically fly at least part of the distance, when nearing the end destination for pizza delivery, a sales representative will need to take over to guide the drone and maybe, call the customer to receive their pizza.

I guess, the cost of a dedicated delivery van would range in the $25,000+ range, fuel expenses and a dedicated employee would add to the final cost, drones on the other hand are cheaper, and shorter employee intervention would save costs.

Re: Exotic WLAN attack and fit for signature based approach

I agree you @Brian, but do think in future we can see drone acting like active delivery boy.

Re: Exotic WLAN attack and fit for signature based approach

@aditsahr1, yes it could be a future into which the world enters. Since a long time, cost saving and automation has been a driver for the world, starting from the first industrial revolution to present day. The result of which has created a global environment where consumers can gain a high quality and diversity of services. 

Consider a service such as Lyft, it enables individuals with an underutilized car to offer rides to customers -- good for the individual with the underutilized car and good for the customer as well, because this model creates rides at low fares.

Re: Exotic WLAN attack and fit for signature based approach

Yikes, a sky filled with drones sounds pretty creepy!

Re: Exotic WLAN attack and fit for signature based approach

I imagine a Cloud outage disconnecting the drone from the algorithm controlling it, would be dangerous as well -- all the drones would come crashing down.

I take it is a bit futuristic, but the National Research Agency of France announced earlier this year a prize of $5 million to anyone that can create an oil-drilling drone. If an IT team manages to claim that prize, it would be just a matter of time before water-drilling drones become a priority and water requirements are met of the world.

But either way, I agree, robotics is a double-edged sword with creepiness on the one side and functionality on the other.

Re: Exotic WLAN attack and fit for signature based approach

I agree about the double-edged sword. I do see how drones can be functional, and this news today about a drone finding a missing elderly man underscores that.

Re: Exotic WLAN attack and fit for signature based approach

Drones delivering Amazon packages while capturing your rouge wifi data, now that is multitasking.

Re: Exotic WLAN attack and fit for signature based approach
I agree you Brain but we still need manpower in fact skilled manpower to manage and control these drones in sky, I am still very curious to learn and see on what mechanism they will deliver to the right address.
Re: Exotic WLAN attack and fit for signature based approach

Agreed as security is an important consideration and should never be taken lightly. AirMagnet is doing a good job by creating a solution for detection and alerts, once a positive detection has been made, it would be nice if the system included a set of countermeasures to make the network administrator's point of defense stronger. 

Autonomous GPS Programmed Drone

Some drones are programmed with autonomous GPS Flight paths and do not require a control signal to navigate a collection route.  You could program one with to a location to attach and collect data then detach and fly back to point of origin.

Re: Autonomous GPS Programmed Drone

Austin, thanks for your comment. You're right -- I think drones will be able to accomplish all sorts of things, and fully programmable and automated at some point. The potential for abuse is great, of course. But we'll be able to do lots of great things, too. Pizza delivery, anyone?