Financial Company Found That It Was Being Hacked Using a Drone with WiFi Pineapple on Board
Information security specialist Greg Linares spoke about an interesting attack that took place this summer: an unnamed financial company from the United States discovered that modified DJI Matrice 600 and DJI Phantom drones, equipped with a WiFi Pineapple pentesting device, had landed on the roof of its office and tried to use the MAC address of one of its employees.
Linares described this non-standard attack on Twitter but refused to disclose the name of the affected company. Journalists from The Register checked the specialist's story themselves by contacting representatives of the victim company, and confirm that the hacking attempt using modified drones really took place.
It must be said that researchers have long been warning and theorizing about the hacking potential of drones. After affordable consumer quadcopters appeared on sale, this topic was raised more than once at information security conferences, such as Black Hat, both in the US and in Europe.
Let me remind you that back in 2013, the well-known researcher Samy Kamkar showed his SkyJack drone, which was equipped with a Raspberry Pi to capture other drones via Wi-Fi. And in 2017, DIY enthusiast Naomi Wu demonstrated a project called Screaming Fist, also aimed at creating a hacker quadcopter.
Now, however, the problem is moving from theory to reality. Linares says it all started when the victim company detected unusual activity on an Atlassian Confluence internal page that originated from the company’s network.
The security team responded quickly and discovered that the employee whose MAC address was used to partially access the company’s Wi-Fi network was also logged into the system from home, many miles from the office. That is, the user was active outside the office, but someone within range of the building’s Wi-Fi network was trying to use his MAC address.
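The correlation the security team made, a device MAC seen on the office Wi-Fi while its owner is active from a remote location, can be automated. The following Python is an added example, not part of the original article or the company's tooling; the log layouts, user names, MAC and IP addresses and the 30-minute travel threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the incident described above).
DEVICE_OWNERS = {"02:00:00:aa:10:01": "jdoe", "02:00:00:aa:10:02": "asmith"}
WIFI_ASSOC = [  # (timestamp, access point, client MAC) from the WLAN controller
    ("2024-01-15T09:05:00", "ap-floor2-01", "02:00:00:aa:10:02"),
    ("2024-01-15T14:02:10", "ap-roof-03", "02:00:00:AA:10:01"),
    ("2024-01-15T14:03:00", "ap-roof-03", "02:00:00:ff:ff:ff"),  # unknown device
    ("2024-01-15T19:30:00", "ap-floor2-01", "02:00:00:aa:10:01"),
]
REMOTE_ACTIVITY = [  # (timestamp, user, source) from VPN / SSO logs
    ("2024-01-15T13:55:00", "jdoe", "vpn:203.0.113.45"),
    ("2024-01-15T14:10:00", "jdoe", "vpn:203.0.113.45"),
    ("2024-01-15T07:00:00", "asmith", "vpn:198.51.100.7"),
]

def parse(ts):
    return datetime.fromisoformat(ts)

def find_presence_conflicts(wifi, remote, owners, min_travel=timedelta(minutes=30)):
    """Flag on-site Wi-Fi associations by a MAC whose owner was active
    remotely within min_travel of the association (before or after it)."""
    by_user = {}
    for ts, user, source in remote:
        by_user.setdefault(user, []).append((parse(ts), source))
    alerts = []
    for ts, ap, mac in wifi:
        owner = owners.get(mac.lower())  # normalise case before the lookup
        if owner is None:
            continue  # unregistered MACs belong to a separate NAC check
        seen = parse(ts)
        for remote_ts, source in by_user.get(owner, []):
            if abs(seen - remote_ts) < min_travel:
                alerts.append({"user": owner, "mac": mac.lower(), "ap": ap,
                               "wifi_time": ts, "remote_source": source})
                break  # one alert per association is enough
    return alerts

if __name__ == "__main__":
    for alert in find_presence_conflicts(WIFI_ASSOC, REMOTE_ACTIVITY, DEVICE_OWNERS):
        print(alert)
```

The threshold should reflect the shortest realistic trip between an employee's remote location and the office; set too high, it flags people who worked from home in the morning and came in later.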
The team then tried to trace the Wi-Fi signal using Fluke’s system to identify the device. This led the defenders to the roof of the building, where they found modified DJI Matrice 600 and DJI Phantom drones.
According to Linares, the Phantom was in excellent condition and had a modified WiFi Pineapple pentesting device on board. The Matrice drone carried a case that contained a Raspberry Pi, several batteries, a GPD mini laptop, a 4G modem, and another Wi-Fi device. This drone had landed next to the building’s heating and ventilation system and looked damaged, although it was still operational.
According to the expert, the tools on the drones were used to target the company’s internal Confluence page in an attempt to gain access to other internal devices and the credentials stored there.
The analyst believes that the attackers were well prepared for their attack: they spent several weeks on reconnaissance, were close to the target environment, had a good budget, and knew what physical security restrictions they would have to face.
Linares sums up that the attack had “limited success” and was the third drone attack he has personally witnessed in the past two years.
At the same time, drone payload options are getting smaller and more efficient (like Flipper Zero), and this creates viable attack models that make sense in real life. Companies operating in the fields of fintech, crypto and supply chain, as well as important software vendors, can be ideal targets for such attacks, where an attacker can easily cover their operating costs through immediate financial gain or access to more promising targets, the expert concludes.