For Fran Brown, one of the managing partners at renowned security firm Bishop Fox, it all started with Top Gun. “I was watching [the movie] as I often do, and Kenny Loggins’ song came on, and I suddenly thought ‘Danger Drone‘ — that would be an awesome name for a project,” he told Digital Trends. “It went from there.”
Feeling inspired, Brown went on to co-create Danger Drone — or, as he puts, “a hacker’s laptop that can fly.” In essence, the concept is a $500 Raspberry Pi-based quadcopter drone, kitted out with all the regular hacking software security firms deal with on a regular basis.
“[The goal was] to make a cheap, easy-to-create hacking drone so that security professionals can test out the defenses that they’re rolling out,” he continues. “It’s a drone for penetration testing, to see how effective the defenses against this kind of thing actually are.”
You may, of course, be wondering why hackers would have need of a drone. After all, some of the most publicized hacking attacks of recent times have come from thousands of miles away — in places like North Korea. This is true, but as Brown points out, there has also been a rise in proximity-based “over the air” attacks, where people are able to gain access to other people’s devices, which are physically located nearby. Danger Drone takes “over the air” attacks and raises the stakes. You could say it deals with “into the air” attacks.
“Today there’s an abundance of targets that are ripe for hacking,” Brown explained. “The appeal of drones is that you can fly them over buildings, land on people’s roofs, and attack not just their WiFi and their phones, but their FitBit, the Google Chromecast hooked up to their TV, their smartwatches, their smart refrigerators. A drone would be perfect for attacking them.”
“What protects a lot of devices right now is that you need to be close,” Brown’s colleague David Latimer continued. “You need to be close to the wireless signal to be able to read it. [Danger Drone] removes that barrier of physical access.”
Fortunately, both Brown and Latimer are on the side of the angels. When they demonstrate Danger Drone at next week’s Black Hat security conference in Las Vegas, they’re doing it so that security companies can get a head start on the possible next frontier of hacking. As Brown says, “Right now, there are no best practices about how to protect yourself from a drone.”
Hopefully, projects like Danger Drone will help change that, before people find out the hard way.
- Pay-n-pray cybersecurity isn’t working. What if we just paid when it works?
- IBM banned USB drives. Is it the future of security or a knee-jerk reaction?
- How 20th century check fraud is helping prevent 21st century data theft
- Researcher claims to bypass iPhone security limits, but may have spoken too soon
- Ticketfly goes offline after refusing to pay hacker’s Bitcoin ransom