WASP UAV learned to intercept GSM traffic

A year ago, American hacker hobbyists Mike Tassey and Richard Perkins constructed the first version of the WASP drone, which circled the territory along a given route and collected information about WiFi networks. They took the MiG-23 model, installed a Via Epia 10000G Pico ITX computer (1 GHz Via C7, 1 GB RAM) on it running Windows XP, an ArduStation telemetry interface and an ArduPilot automatic piloting system. They called their development the Wireless Aerial Surveillance Platform (WASP) and posted on the Internet links to all the necessary information on the assembly (for obvious reasons, they themselves cannot publish step-by-step instructions).

In anticipation of Defcon 2011, they made a new, more advanced version of WASP. The computer is installed Via Epia PX5000EG Pico ITX PC (500 MHz Via C7, 1 GB RAM), but already running Linux BackTrack 5. The kit includes a brute force program with a dictionary of 340 million words. Now WASP is able not only to use open hotspots, but also to crack some of the closed WiFi.

In addition, WASP learned to work as a mobile GSM-station, taking on GSM-connections and using a 4G-card redirecting them via VoIP, invisible to the subscriber. The redirection is done so that the call does not end and can be recorded. Conversations and SMS are recorded in the internal memory 32 GB. WASP exploits GSM weakness since 1993



when a fake base station with sufficient signal strength is able to take on GSM traffic of close subscribers. When you connect the phone, the station sends a command to disable encryption. During last year’s demonstration at Defcon, a fake base station established communications with at least 30 phones, after which IMSI, IMEI, dialed numbers and audio recordings of all seventeen calls were recorded.

The WASP drone carries a similar base station, only with a transmitter of greater power.