You Built What?! A Remote-Controlled Hacker Drone

Out of Sight The drone [shown here being flown by one of its builders, Richard Perkins] can reach a height of 22,000 feet John Fedele

Richard Perkins and Mike Tassey both worked in information technology in the U.S. Air Force before decamping to various cybersecurity consulting roles in and around the Department of Defense. But throughout their careers they’ve always considered themselves hackers at heart, which is why they spent the past two years developing the ultimate mobile hacking device: a drone aircraft that can discreetly break into Wi-Fi networks, emit jamming signals, and even pose as a cellphone tower to intercept communications from the ground.

Perkins and Tassey shared an interest in remotely piloted aircraft, and with their professional backgrounds, they naturally began dreaming up surveillance applications. Their Wireless Aerial Surveillance Platform, known as Vespid (the Latin word for “wasp,” a play on the acronym), is a modified surplus FQM-117B Army target drone. In place of the aircraft’s original radio equipment, Perkins and Tassey substituted compact components including a high-powered radio antenna for intercepting and broadcasting signals, a 32-gigabyte USB drive to store swiped data, and a 4G USB dongle to keep Vespid connected to a server on the ground.

Two lithium-polymer batteries power the 76-inch-long drone, which can remain aloft for more than half an hour.

Although the aircraft has impressive spying abilities, Perkins and Tassey say that they don’t have designs on other people’s data. They showed Vespid at a security conference in Las Vegas in August to make a point: If they could construct a spy drone from legal, off-the-shelf components for a few thousand dollars, then despite its complexity, others could do the same—including those with nefarious motives.

Yet Vespid could have some helpful applications. As easily as it can steal data, it can also provide Wi-Fi connectivity and cellphone service in areas affected by natural disasters or hunt for cell signals in devastated areas, turning ordinary cellphones into search-and-rescue beacons.

Flight Control: An Arduino microcontroller-based “ArduPilot” platform handles the drone’s avionics  John Fedele

How It Works

Time: Two years
Cost: $6,200

FLIER

To boost efficiency and reduce engine noise, Tassey and Perkins stripped out the drone’s nitromethane engine and replaced it with a 2.5-horsepower electric motor. They added landing gear forged from hobbyist R/C aircraft components to cushion their electronic cargo.

INTERCEPTOR

The drone uses an Ettus universal software radio peripheral, or USRP, which enables it to receive and transmit signals. Two six-cell, 22.2-volt lithium-polymer battery packs power it and the rest of the hardware, including a card-deck-size central computer running BackTrack 5, a tool kit for hacking wireless networks.

EAVESDROPPER

Vespid can “spoof” a cell tower—it can trick phones into thinking that its USRP is a piece of network hardware so that the phones route calls and texts through the drone. Vespid then connects the calls through a real cell tower, so the phone (and caller) never detects that it has been duped. That means Vespid can even intercept encrypted voice or text data and dump it to a server on the ground.