Drones can be used to record incredible scenes for movies, follow thieves from above, save lives or carry out home deliveries at lightning speed. Unfortunately, this also opens doors for people to misuse them for malicious gain.
Researchers in Singapore have demonstrated how attackers using a drone with a mobile phone could easily intercept documents sent to a seemingly inaccessible Wi-Fi printer. The method they devised is actually intended to help organisations determine if they have vulnerable open Wi-Fi devices that can be accessed from the sky. But the same technique could also be used by spies for corporate espionage.
To demonstrate that this threat is real and exists, the investigators paired a drone with a smartphone and developed two apps that were designed to intercept the communications of a printer from the outside.
The first of these apps, Cybersecurity Patrol, detects vulnerable printers – in fact, it can be used to detect security holes and even patch them. The second app however has been kept confidential, this app passes itself off as the machine. It creates a false access point and imitates the printer, tricking the computer into sending the files to it.
In theory, all you need is a smartphone to carry out these attacks, but the drone comes into play when it comes to getting the required height/distance (a radius of 26 meters, at most) to trick the computer. By hovering over a building at this height, a drone could simply give cyber-criminals access to a home or office network.
The main aim of the research in Singapore was to alert businesses of the dangers that an apparently inoffensive printer could pose and that it is relatively easy for criminals to gain access to information by using rather simple methods. Many wireless printers are sold with an open Wi-Fi connection as default and the owners often forget to change this setting, leaving them vulnerable to cyber-criminals.