Many of us in the business of WiFi have gotten comfortable with how we secure our networks. We think we know our logical and geographical borders, and have a sense of how vulnerable we are to social engineering and insider threats. But drones have the potential to change all of that.
The increasingly popular remotely piloted aircraft are small, quiet, unexpected, and evolving in what they can do and the havoc they can enable against networks. The growing threat drones pose to WLAN users and administrators has prompted the WLAN security industry to build drone-specific threat awareness into its technologies.
First, though, let's look at the threat drones pose to businesses. Forget about packets and malicious logic for a moment, as low-tech attacks are often the most harmful. Among the current favorite hobbyist drones on the market is the Parrot AR.Drone, which runs about $300 and has pretty impressive front and bottom-facing cameras on board. The AR.Drone was made for in-flight photographic and video capture, and has been the ire of a growing number of people who have been spied on by this sort of drone hovering outside their windows.
What if that window belongs to the network administrator’s or CIO’s office? By taking pictures of what’s on the computer screen to yellow sticky notes on the wall, drones can be used to harvest a treasure trove of organizational secrets.
Drones also might facilitate more sophisticated network-related attacks. As a transport mechanism for worrisome payloads that can either be used while airborne or parked on a nearby ledge for hours, drones are getting more attention in the hacker community. Drones such as the DGI Phantom can easily carry lightweight but powerful hacking platforms like WiFi Pineapple and Raspberry Pi, packaged with an external battery pack and cellular connection, for powerful eavesdropping and man-in-the-middle attacks.
As a WiFi Pineapple owner, I’m well versed in the use of these wonderful/terrible little boxes for attacks like Karma, SSL-Strip, and many others. Without drones, someone using the tool would have to get in range of a target, either by getting in close or using high-gain antennas. With drones, an attacker's nefarious influence expands exponentially.
As worrisome as all of this sounds, those of us in the business WLAN world aren’t completely defenseless. If you live in a particularly rainy or windy area, Mother Nature herself is on your side in keeping drones grounded.
For the rest of us, WLAN security products are beginning to provide protection. Fluke Networks has released the first drone detection signature as an update to its AirMagnet Enterprise wireless IDS/IPS product. While this is the first formal anti-drone technology made available to WLAN customers, it’s likely just the start as drones become attached to more verified network attacks.
The new AirMagnet signature alerts customers to a few different drone-specific signals. Because drones like the AR Parrot are controlled via an ad hoc network from a smartphone app, AirMagnet can detect the command-and- control signaling in use. The signature also can detect video transmission streams. Once alerted, the network administrator can either attempt to locate the drone and its operator, or take RF or WLAN system-level countermeasures depending on the capabilities afforded by the WLAN being attacked.
Right now, AirMagnet’s detection is limited to the Parrot AR.Drone line, but it stands to reason that the ability to detect others will come.
While the current state of drone usage hardly equals an invasion, it may be time to take a hard look at your wireless intrusion protection strategy. You also may want to start looking up occasionally.