Researchers Put A Tiny Computer On A Drone To Make It A Hacking Machine

Information superhighway to the Danger Drone

Danger Drone

Danger Drone

The name is a little misleading. It's the computer, really, and not the drone that is the danger.Image courtesy of Bishop Fox

The progenitors of the cyberpunk genre imagined the future online world as a sea of wires, with networks accessible through some physical opening on a system somewhere. Thanks to WiFi, our cyberpunk reality isn’t quite as wired as they conceived.

But WiFi has a limited range, so sometimes breaking into a network means getting a computer close enough to catch that signal. For the canny hacker who wants to crack a network while staying far away, why not put a computer on a drone?

That’s the idea behind the Danger Drone, which will be demonstrated next week at the Black Hat conference in Las Vegas. Made by Fran Brown and David Latimer, who work for security consulting firm Bishop Fox, Danger Drone is a flying hacking machine.

“Attacks that before people might not have done because people didn’t want to put themselves personally at risk of getting caught—this kinda removes that,” Brown said. “Now you can be a lot more brazen in your attacks, because you’re not as worried about getting caught and going to jail.”

The computer that does the hacking is a cheap Raspberry Pi, loaded up with the software hackers typically use to crack into a network. The rest of the drone is a kit-built body, and altogether the Danger Drone cost just $500 to put together. The drone has over a mile of range using normal radio control, but could be configured to fly using signals from cell towers.

How best to demonstrate that Danger Drone's broken into a network? By rickrolling people through their own TV. From eWeek:

While the Danger Drone is intended to be used for real penetration testing purposes, it can also be used to annoy victims by "rickrolling" vulnerable Chromecast devices. At the Black Hat USA 2014 event, Bishop Fox researcher Dan Petro demonstrated a Raspberry Pi-based tool called the Rickmote (see the eWEEK video on the Rickmote here). Petro's device streamed Rick Astley's "Never Going to Give You Up" music video in an attack known as rickrolling, though Petro noted that any content could be sent. The Danger Drone has been enabled with Rickmote capabilities, and Petro noted that Chromecast devices in 2016 are still vulnerable to the same attack. He added that he has come across many corporate boardrooms that have Chromecasts in use.

Why make a device like this? A big part of security consulting is testing existing defenses, to make sure they still work. The idea of a hacking drone is hardly new. Boeing was reportedly in talks to develop a drone that could crack into surveillance networks from the sky. In 2011, another pair of cybersecurity consultants built a "Wireless Aerial Surveillance Platform," or hacker drone, for a cost of merely $6,200. Danger Drone is an order of magnitude cheaper, and it exists for the same purpose: by testing weaknesses in networks now, it's easier to protect those networks from future threats.

The real challenge for drones like this: will they be able to break into the networks of anti-drone systems?

Read more about Danger Drone at Motherboard.