Look, up in the sky: It's an unmanned flying drone stealing your Wi-Fi password and reading your text messages!
Mike Tassey and Richard Perkins are the proud creators of the Wireless Aerial Surveillance Platform (WASP), a drone specially rigged with hacking tools capable of capturing home wireless network passwords.
Tassey and Perkins will demonstrate the WASP's high-flying exploits at next week's Black Hat Security Conference in Las Vegas.
This is the second year Tassey, a security consultant to Wall Street and the U.S. intelligence community and Perkins, a senior security engineer supporting the U.S. government (and a one-time owner of an airplane hobby shop), will wow the Black Hat crowd with their homemade 14-foot flying hacker, Forbes reported.
Built from a retired Army target drone and equipped with HD cameras and a "cigarette-pack sized on-board Linux computer" with a 340 million-word dictionary for "brute force guessing of passwords," the WASP could be a quickly moving threat to home Wi-Fi networks.
And this year, the WASP's aerial assault is even scarier — it can now intercept your phone calls and text messages.
Tassey and Perkins built in a feature that impersonates the GSM cell phone towers used by AT&T and T-Mobile. When the WASP flies close enough to a person's cellphone, the phone connects to the antenna on the WASP instead of the phone's legitimate cell tower.
As a result, the WASP, if used in this devious way, could record a person's conversations and text messages, and, as Tassey said, "the target won't even know he's being spied on."
Tassey and Perkins will not demonstrate the WASP's new phone-hacking capabilities at Black Hat, and say they only tested that feature "in isolated conditions" to ensure they weren't illegally listening in on strangers' conversations.
In fact, the WASP is Tassey and Perkins' way of highlighting the risks many companies face in the hands of everyday hackers, not just ones in the sky.
"We wanted to bring to light how far the consumer industry has progressed, to the point where the public has access to technologies that put companies, and even governments, at risk from this new threat vector that they're not aware of," Perkins said.