Dedrone CEO Jorg Lamprecht points out that drones equipped with gear that can eavesdrop on wireless communication have already been demonstrated, and some of it has already hit the market. Drones are available that can track people through their mobile phones.
One example shown at last year's DefCon show is a device called Aerial Assault, a drone designed to find and pinpoint the location of (via GPS) unsecured networks. The developers intend to market it shortly at an expected cost of $2,500.
Another example is Sensepost's distributed tracking, profiling and data interception framework called Snoopy. First implemented in 2012, the company began marketing it last year. It can be used to track users of dual-mode (cell/WiFi) mobile phones.
It is also easy today to use a drone to drop a WiFi access point somewhere utterly unexpected to hijack communications.
Boeing is reported to be developing precisely this technology with a firm called Hacking Team.
"You could take a Wi-Fi access point and fly it to the top of Google's headquarters, and call the access point 'Google Free Public Wi-Fi.' See how many people connect their laptops," Lamprecht told Light Reading. "Or the bank. In the financial district, the office is up on the 61st floor? Fly a drone next to it, and call your access point Citibank Free PublicWi-Fi.' You can get close enough to do that now."
And why wouldn't the employees of a company connect? How many people don't attend DefCon every year? How many would stop to think that placing a fake AP is even possible?
"Or cell phones. I can read off all the radios of a cellphone, and I only need to be 200 or 300 feet away maximum," Lamprecht said. "Brave new world, right?"
And good luck identifying, let alone catching, a culprit. Drones are commonly piloted from half a world away. A drone could be programmed and the "operator" need not even be sitting at a terminal.
There are many possible countermeasures, but some are dependent on standards and practices that are hardly universal, while the legality of others is up in the air because the laws and regulations ruling the use of drones are lagging far behind commercial development.
If legally operated drones are equipped with transponders, they can be identified. Anything that can't be identified could be a threat. Dedrone sells a line of detectors called DroneTrackers.
If no-drone zones can be established, then managers of those zones might be able to employ active countermeasures that could include catching drones in nets, jamming them, disabling them (with electromagnetic pulses [EMP], for example) or hacking them to take them over.
— Brian Santo, Senior Editor, Components, T&M, Light Reading