September 8, 2011

Researchers develop botnet drone that targets Wi-Fi networks

SkyNET measures 13×18 inches and is fitted with Wi-Fi, a 3G mobile data link, and a Linux OS

By CBR Staff Writer

Researchers at the Stevens Institute of Technology have developed ‘SkyNET’, a stealth network that connects hosts to a botmaster through a mobile drone.

Measuring 13×18 inches, the drone is fitted with Wi-Fi, a 3G mobile data link and a Linux operating system, and is programmed to scour an urban area and compromise wireless networks, mostly those used in homes.

Personal networks are the most unsecured networks on the Internet. They often contain no security controls, unpatched machines, no logging or auditing, bad password management, and typically run wireless radio with poor security.

Researchers Theodore Reed, Joseph Geis and Sven Dietrich hope that their experiment could preempt attacks that use out-of-band communication to control Internet hosts.

They say that the SkyNET is used by a botmaster to command their botnet(s) without using the Internet. The network comprises machines on home Wi-Fi networks in a proximal urban area, and one or more autonomous attack drones.

When a host is compromised it joins both the Internet-facing botnet, and the sun-facing SkyNET, say the researchers. Subsequent drone flights are used to issue command and control without ever linking the botmaster to the botnet via the Internet.


The researchers say that SkyNET takes advantage of poorly configured wireless network security, and poor trust configurations on mobile devices, to join networks and access devices locally using a mobile attack drone.

The SkyNET drone is controllable via auto-pilot or via a 3G connection.

The researchers say, "Once network access is acquired, the drone utilises an array of existing tools to compromise hosts, such as the Metasploit framework…The drone implements a 4-step attack procedure to enlist hosts into the network. We call this procedure PAAE (pilot, attack, attack, enlist)."

To compensate for the limited computational power, the drone uses a 3G mobile data link to off-load computation to an Amazon Elastic Compute Cloud (EC2) GPU Cluster instance running cracking software.

The researchers say, "Once the drone has access to a compromised network its second task is to attack hosts; preferring non-mobile hosts. The botmaster can deploy an array of attack scripts or frameworks."

"Once a host is compromised, the drone exchanges identification information, configures a callback mechanism, and secures the host as it is now a potential asset to SkyNET."

They suggest that detection of a SkyNET may be possible by observing the behavior of the underlying botnet and discovering the geolocation of the bots.
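The geolocation idea above can be sketched as follows. This is an added example, not code from the researchers or from this article. It assumes the defender already has an approximate latitude and longitude for each observed bot; the bot names, coordinates, `radius_km` and `min_bots` values are constructed for illustration. It flags groups of bots packed into one small area, the "proximal urban area" pattern that an ordinary, globally scattered botnet would not show.

```python
import math

EARTH_RADIUS_KM = 6371.0

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (a[0], a[1], b[0], b[1]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def proximal_clusters(bots, radius_km=5.0, min_bots=4):
    """Single-linkage grouping: bots within radius_km of each other are chained
    into one group. Returns groups with at least min_bots members, largest first."""
    ids = list(bots)
    parent = {i: i for i in ids}

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path compression
            i = parent[i]
        return i

    for n, i in enumerate(ids):
        for j in ids[n + 1:]:
            if haversine_km(bots[i], bots[j]) <= radius_km:
                parent[find(i)] = find(j)

    groups = {}
    for i in ids:
        groups.setdefault(find(i), []).append(i)
    dense = [sorted(g) for g in groups.values() if len(g) >= min_bots]
    return sorted(dense, key=len, reverse=True)

# Constructed sample: five bots within a couple of km, four scattered worldwide.
SAMPLE_BOTS = {
    "bot-01": (40.7440, -74.0324), "bot-02": (40.7452, -74.0281),
    "bot-03": (40.7395, -74.0300), "bot-04": (40.7501, -74.0350),
    "bot-05": (40.7468, -74.0402), "bot-06": (51.5074, -0.1278),
    "bot-07": (35.6762, 139.6503), "bot-08": (-33.8688, 151.2093),
    "bot-09": (48.8566, 2.3522),
}

if __name__ == "__main__":
    for group in proximal_clusters(SAMPLE_BOTS):
        print(f"{len(group)} bots within one neighbourhood: {group}")
```

IP-based geolocation is often only accurate to city level, so a flagged group is a lead for further investigation rather than proof of a drone-controlled network.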
