GSM Spoofing for Under 6000 USD

Two security researchers Wednesday [August 03, 2011] unveiled a remote-controlled, unmanned aerial vehicle (UAV) that is capable of cracking Wi-Fi passwords, exploiting weak wireless access points, and mimicking a GSM tower to intercept cell phone conversations

The Wi-Fi Aerial Surveillance Platform (WASP) was built by Mike Tassey and Richard Perkins, two security researchers seeking to show how an ordinary remote controlled hobby airplanes can be easily converted into something more sinister.

The WASP system, introduced by the pair at the at the Black Hat conference being held here this week, is upgraded version of a model unveiled at last year’s Defcon hacker conference in Las Vegas.

The bright yellow, six-foot, 13-pound spy drone is capable of flying at altitudes of up to 22,000 feet and staying aloft for up to 45 minutes at a time.

Updates include the ability to function as a spoofed GSM tower to intercept cell phone conversations, and to intercept Bluetooth communications.

The airframe of WASP is a surplus U.S. Army drone that was used for target practice purposes. The rest of the hardware and the software used in the drone are all readily available technologies, according to Tassey and Perkins.

The plane packs a small Linux-based computer running the Backtrack 4 suite of penetration testing tools. Another of its systems is designed to collect telemetry data that is sent to a ground-based base station which then uses it for real-time tracking.

The base station also serves as a network router for connecting other workstations to the payload on the drone, and houses systems used to offload processor intensive applications, such as password cracking.

Perkins and Tassey also installed a new Universal Software Radio Peripheral (USRP) that allows the drone to mimic a GSM cell phone tower. The technology can be used to spoof a cellular provider’s mobile service so that outbound calls made by users of that server are routed through the USRP.

The GSM spoofing ability is borrowed from a demonstration last year at Defcon by hacker Chris Paget, which showed how cell phones could be tricked into connecting with specially rigged “towers’ placed close enough to the target phones.

The updated unmanned aerial vehicle supports 4G networks and is capable of receiving and executing instructions delivered over the Internet from anywhere in the world.

The pair said the drone parts and its construction cost some $6,000.
Read more here: