Pierluigi Paganini December 17, 2014

Vespid is amongst most the important espionage artifacts based on the Wireless Aerial Surveillance Platform for the for the construction of a DIY Spy Drone.

The Wireless Aerial Surveillance Platform is a small DIY drone that has the capability to crack Wi-Fi passwords, eavesdropping on Wi-Fi passwords, eavesdropping on cell phone calls and read text messages. The former Air Force member, Mike Tassey and Rich Perkins, which designed the drone, explained that the Wireless Aerial Surveillance Platform represents the “state-of-the-art for cyber drone” and it’s hard to take down and to detect.

The experts built the Wireless Aerial Surveillance Platform in a garage, using off the shelf electronics. Building their own drone, they have demonstrated that it is potentially easy for a threat actor to create a spy drone and use it to launch a cyber attack. In October 2014, a group of Israeli researchers has demonstrated at the Black Hat Conference how to hack air gapped networks by using lasers and drones. It is clear that the availability of a drone that could be easily assembled in a garage could represent a serious threat to the Homeland security and citizen privacy.

Mike Tassey and Rich Perkins explained that the Wireless Aerial Surveillance Platform needs a human effort for take-off and landing, but it is able to fly in auto-mode following any pre-programmed route acting as a cell phone tower and tricking user’s mobile devices to connect it. Basically, the drone emulates a cell phone tower and is able in this way to access both communications and data on any device nearby.

The Wireless Aerial Surveillance Platform spy drone is equipped with a number of antennas for picking up the user’s conversation, blue tooth and for picking up and monitoring Wi-Fi signals. Tassey and Perkins clarified that the tests they performed were conducted in isolated conditions to avoid breaking laws or recording conversations of unaware individuals in the area.

The experts have presented their DIY spy drone in Washington so everyone can see it.

“I think it’s fantastic to have an artifact like this in the Spy Museum,” said Vincent Houghton, International Spy Museum Curator. “It’s the first of its kind, it’s a piece of modern espionage equipment,” said Houghton. “This is something governments should be doing and perhaps only government should be doing.”If two guys from the Midwest can build this for six-thousand dollars in a garage, what can Iran do? What can nation states do?” said Rich Perkins. 

Tassey and Perkins explained that the drone has a 50 mile range, it is very versatile and could be used also in a wide range of applications including rescue operations. Below an abstract from the “Specifications” page of the project.

• Small Scale, Open Source UAV using off the shelf components
• Designed as a vehicle to project Cyber-offensive and defensive capabilities, as well as visual / electronic surveillance over distance cheaply and with little risk.
• Modular Payloads for varied mission needs (Wi-Fi, Bluetooth, GSM, Imaging, etc)‏
• Integrated ground station for real time tracking, payload interaction, flight operations, data download.
• Off-airframe large scale high performance computational power via secure communications channels over 900MHz RF, Wi-Fi, Cellular Data Network (Edge and 4G).
• Man portable
• Low Cost to build and operate.

Anyway the security community is seriously considering the risks of attacks made abusing of this technology, let me suggest the reading of the post “Privacy and Security Issues for the Usage of Civil Drones“, which explains in details the possible attack scenarios.

Pierluigi Paganini

(Security Affairs –  Wireless Aerial Surveillance Platform, spy drone)