This drone steals your data

The dreaded inevitable has happened.
Written by Mark Halper, Contributor
Drone DJI Phantom Giovanni Flickr.jpg
Hang on Snoopy: Security firm SensePost mounted its Snoopy software onto a commercial drone like this one from DJI.
 It was only a matter of time before someone sent out a drone to steal data. 

So let's hear it for SensePost, an information security company that buzzed a pilotless craft above the Black Hat security conference in Singapore last week, plucking information from the smartphones of hundreds of attendees below, the BBC reported.

SensePost has hacked people at conferences before, but always via ground-based hardware housing its Snoopy software. This was the first time that Snoopy took to the air, where it can cover much larger areas.

"You can also fly out of audio-visual range - so you can't see or hear it, meaning you can bypass physical security - men with guns, that sort of thing," SensePost's Glenn Wilkinson told the BBC.

Snoopy can invade any gadget like a smartphone or laptop when the device's Wi-Fi is switched on. 

"Every device (people) carry emits unique signatures - even pacemakers come with wi-fi today," Wilkinson said. "And - holy smokes, what a bad idea."

The software can mimic a Wi-Fi network that the victim has tapped in the past, and can then steal any information the user enters while on the ersatz set-up, including passwords and bank details, he noted.

SensePost loaded the software into a computer that it mounted on a small, commercially available drone. The BBC story suggests the drone came from Hong Kong-based DJI.  SensePost has offices in London and in Pretoria, South Africa.

Its stunt in Singapore last week reminds us once again that technology like drones, which could be used for everything from delivering pizzas and other goods, to transmitting the Internet, to fighting smog and killing people, can serve a spectrum of purposes. Technology good. Technology bad. Technology good. Technology bad...

Photo is from Giovanni via Flickr

Droning on:

This post was originally published on Smartplanet.com

Editorial standards