One of the biggest challenges for hackers who want to get into more secure and isolated networks is physical. If the network is well protected, you might need to be physically close to it to hack it—and standing around with a laptop outside of an office or a power plant might raise some suspicion.
But what if the hacker could just fly a special drone, and make it quietly land near the target?
That's exactly the idea behind Danger Drone, a $500 custom built device that carries a Raspberry Pi equipped with all the most common hacking software.
"Think of it as a flying hacker laptop," Fran Brown, one of the two creators of the Danger Drone, told Motherboard. The drone, he added, does "everything a hacker laptop can do—but one that can fly."
The drone "does everything a hacker laptop can do—but one that can fly."
The name, Brown explained, comes from the famous song that plays at the end of Top Gun. Brown watched it a few months ago and thought that "Highway to the Danger Drone" would be a great name for a talk. That gave him the idea to build the actual device.
The Danger Drone, according to Brown and his colleague David Latimer, gives hackers a powerful and relatively stealthy new tool.
"Attacks that before people might not have done because people didn't want to put themselves personally at risk of getting caught—this kinda removes that," Brown said. "Now you can be a lot more brazen in your attacks, because you're not as worried about getting caught and going to jail."
Obviously Brown and Latimer didn't make the drone so that cybercriminals could use it. The idea behind it is to give cyber defenders and pentesters a tool to make sure companies and facilities have the right protections in place to counter threats that could come, literally, from the sky.
Drones have become almost ubiquitous at this point. So much that there are multiple companies offering anti-drone products. Some try to use old-school physical solutions like nets—either flown by other drones or shot by special cannons, or high-tech ones like electro-magnetic guns, or even simpler ones, such as, yes, eagles. To check how effective these solutions can be, Brown and Latimer envision the Danger Drone to be the perfect tool to put them to a test.
The biggest targets for this kind of drone are not traditional WiFi networks or computers, but more insecure and easier to exploit "smart" devices.
"The explosion of the Internet of Things has really put a lot of targets out there for this drone."
"The explosion of the Internet of Things has really put a lot of targets out there for this drone," Brown told me.
The Danger Drone, when used via remote control, has a 1.2 mile (2 km) range. But with a special cellphone module the drone can be controlled via LTE, which vastly expands its range. And it can also be programmed with fixed waypoints and landing destinations, according to the researchers, who work for the consulting firm Bishop Fox.
Brown and Latimer claims this is the first cheap, easy-to-make hacking drone, though there have been proof of concepts before.
If effective, the danger drone could open up all kinds of new possibilities for attackers. Some might be really nefarious, such as using it to get in range of a power plant's Wi-Fi and hack into it to carry out further cyberattacks. Others might be more innocuous, such as flying it around the neighborhood to automatically hijack Chromecasts and rickroll unbeknownst TV viewers.
The two will demo the drone, including its rickrolling capabilities, at the upcoming Black Hat security conference in Las Vegas next week.
The Hacks We Can't See is Motherboard's theme week dedicated to the future of security and the hacks no one's talking about. Follow along here.