
Cybercrime Takes Flight: The Case of the Dual-Drone Hack

For a while, it seemed like drones were everywhere: you couldn't spend a day at a park or go to an outdoor event without hearing the familiar whir of propellers starting up and buzzing over the crowd. Cool concert footage notwithstanding, drone operators have often faced contention over their right to fly, particularly after notable incidents such as the time a drone crashed into a bike race and brought down a cyclist (thankfully with only minor injuries), or the time a drone operator buzzed a police helicopter during a manhunt. Then the FAA stepped in, and there was less danger of a drone colliding with a commercial airliner. There are still, however, concerns about drones simply falling from the sky and knocking you unconscious.

Despite all the concerns that led to regulations on where and how to fly drones, one concern went unaddressed: drone security. Not the drones themselves being hacked (although that is, upsettingly, quite easy), but drones being used to infiltrate networks.


Enter the threat from above

As reported in The Register, it started with unusual activity on an internally hosted Confluence page. When security personnel spotted this, they traced it to a MAC address on their corporate WiFi that happened to match one logged in on a network several miles away. After verifying that the user was, in fact, working from home, they used a WiFi signal tracer to follow the signal this device was attached to, and it led them to the roof.

There, much to their surprise, they discovered a pair of drones.

One of them carried a WiFi Pineapple. Unlike the delicious fruit, this is a device used by security testers to probe WiFi networks for weak spots. Unfortunately, it is also very useful to hackers who want to use it as a rogue access point. Apparently, this particular drone had made a prior visit, during which it discovered a temporary, less-than-secure WiFi network that it was able to snoop on to capture an employee's credentials and MAC address. Then, a couple of days later, it came back with a companion carrying almost $15,000 of spying and hacking equipment, including a Raspberry Pi, a 4G modem, a laptop, and several extra battery packs. The credentials the first drone had stolen a few days earlier were hard-coded into all of these tools.

Thanks to their exceptionally vigilant security team, the attackers got very little out of the operation, and they did not get their drones back either.
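The signal that caught this intrusion, one client MAC apparently active on the corporate WiFi and on a remote network several miles away at the same time, is easy to turn into a standing detection. The following is an added example written for this post; it is not code from the original article, from The Register, or from Portnox. It assumes a simplified, constructed log format in which both the corporate WiFi and the remote-access network record connect and disconnect events with the client MAC (real NAC, RADIUS and VPN logs differ in layout, but the overlap check is the same), and it flags a MAC whose sessions on two different networks overlap in time while leaving ordinary roaming (office in the morning, VPN in the afternoon) alone.

```python
"""Flag a MAC address that is active on two different networks at once.

Added example, not from the original article. Log format and sample data
below are constructed for illustration.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data). One MAC is on corp-wifi and on
# home-vpn at the same time; another moves between them sequentially.
SAMPLE_LOG = """\
2022-10-03T09:02:11Z net=corp-wifi event=connect mac=3c:22:fb:aa:bb:cc user=jdoe
2022-10-03T09:05:40Z net=home-vpn event=connect mac=3c:22:fb:aa:bb:cc user=jdoe
2022-10-03T09:06:02Z net=corp-wifi event=connect mac=a4:83:e7:11:22:33 user=asmith
2022-10-03T10:15:00Z net=corp-wifi event=disconnect mac=a4:83:e7:11:22:33 user=asmith
2022-10-03T10:20:00Z net=home-vpn event=connect mac=a4:83:e7:11:22:33 user=asmith
2022-10-03T11:30:00Z net=home-vpn event=disconnect mac=3c:22:fb:aa:bb:cc user=jdoe
2022-10-03T12:00:00Z net=corp-wifi event=disconnect mac=3c:22:fb:aa:bb:cc user=jdoe
"""

# Assumed (hypothetical) line layout: ISO timestamp, then key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) net=(?P<net>\S+) event=(?P<event>connect|disconnect) "
    r"mac=(?P<mac>[0-9a-f:]{17}) user=(?P<user>\S+)$"
)


def parse_log(text: str) -> list[dict]:
    """Parse log lines into event dicts, sorted by timestamp."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable log line: {line!r}")
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def build_sessions(events: list[dict]) -> dict[str, list[tuple]]:
    """Return {mac: [(net, user, start, end), ...]}.

    A connect opens a session for (mac, net); the next disconnect for that
    pair closes it. Sessions still open at the end of the log are closed at
    the last timestamp seen, so they still take part in the overlap check.
    """
    open_sessions: dict[tuple, tuple] = {}
    sessions: dict[str, list[tuple]] = defaultdict(list)
    last_ts = events[-1]["ts"] if events else None
    for ev in events:
        key = (ev["mac"], ev["net"])
        if ev["event"] == "connect":
            # A repeated connect without a disconnect just restarts the session.
            open_sessions[key] = (ev["user"], ev["ts"])
        elif key in open_sessions:
            user, start = open_sessions.pop(key)
            sessions[ev["mac"]].append((ev["net"], user, start, ev["ts"]))
    for (mac, net), (user, start) in open_sessions.items():
        sessions[mac].append((net, user, start, last_ts))
    return sessions


def find_overlaps(sessions: dict[str, list[tuple]],
                  min_overlap: timedelta = timedelta(0)) -> list[dict]:
    """Report every MAC whose sessions on two different networks overlap."""
    alerts = []
    for mac, sess in sessions.items():
        for i in range(len(sess)):
            for j in range(i + 1, len(sess)):
                net_a, user_a, s_a, e_a = sess[i]
                net_b, user_b, s_b, e_b = sess[j]
                if net_a == net_b:
                    continue  # same network: a reconnect, not a second device
                start, end = max(s_a, s_b), min(e_a, e_b)
                if end - start > min_overlap:
                    alerts.append({
                        "mac": mac,
                        "users": tuple(sorted({user_a, user_b})),
                        "networks": tuple(sorted((net_a, net_b))),
                        "overlap_start": start,
                        "overlap_end": end,
                    })
    return alerts


def detect(text: str) -> list[dict]:
    """Full pipeline: parse, sessionize, and flag simultaneous presence."""
    return find_overlaps(build_sessions(parse_log(text)))


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"ALERT mac={alert['mac']} users={alert['users']} "
              f"on {alert['networks']} from {alert['overlap_start']} "
              f"to {alert['overlap_end']}")
```

Two caveats apply. A MAC address is trivially spoofed, which is exactly why the attackers here could reuse the one they captured, so this is a detection signal to be correlated with the user's actual location, not an authentication control. Modern clients also randomize their MAC per network, so the same physical device may legitimately show different addresses on different SSIDs; the check above only fires when the identical address is seen on both sides, which is the case the article describes.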

Are the drones coming for all of us?

Realistically, probably not. This was neither a cheap endeavor nor a simple one to plan and execute. All told, the hackers spent a lot of money and put a lot of time and effort into this operation. Given the amount of customization, research, and lucky timing involved, it is unlikely to be easily replicated. The fact that the target was an unnamed financial institution suggests it was only worth it to the hackers for the potential of an exceptionally large payout. Of course, this isn't to say it couldn't happen again, but armies of drones are not likely to fill the skies, perch on the roof of your building and spoof your WiFi network any time soon.

What you SHOULD be worried about is that hackers rarely have to go to this much trouble to breach a network. In other high-profile breaches, such as those at Okta and Cisco, the hackers simply had to gain access to an employee's Gmail account. When Target was breached in 2013, it was via malware installed on an HVAC contractor's laptop (not even an actual Target employee!). The sad truth is that with 81% of all data breaches caused by stolen, weak, or reused passwords, hackers don't have to put that much effort into getting access to your network.

The lesson here is not that this happened, but that good security will protect you no matter where the threat comes from. Thanks to the security team that noticed the odd activity right away, the attack failed: ultimately, the hackers didn't get anything of value.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, points of sale, resellers, and partner companies, Version 2 offers quality products and services that are highly acclaimed in the market. Its customers cover a wide spectrum that includes Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, government, a vast number of successful SMEs, and consumers in various Asian cities.
