News

Financial Company Found That It Was BeingHhacked Using a Drone with WiFi Pineapple on Board

Information security specialist Greg Linares spoke about an interesting attack that took place this summer: an unnamed financial company from the United States discovered that modified DJI Matrice 600 and DJI Phantom drones, equipped with a Pineapple WiFi pentester device, landed on the roof of its office and tried to use the MAC address of one from employees.

Linares spoke about this non-standard attack on Twitter, while refusing to disclose the name of the affected company. Journalists from The Register checked the story of the specialist themselves by contacting representatives of the victim company, and confirm that the hacking attempt with the help of modified drones really covered the place.

Let me remind you that we also wrote about the following: Researchers said that hacking Mars rovers and drones could be quite easy.

It must be said that researchers have long been warning and theorizing about the hacking potential of drones. After affordable consumer quadcopters appeared on sale, this topic was raised more than once at information security conferences, such as Black Hat, both in the US and in Europe.

Let me remind you that back in 2013, the famous explorer Samy Kamkar showed his SkyJack drone, which was equipped with a Raspberry Pi to capture other drones via Wi-Fi. And in 2017, DIY enthusiast Naomi Wu demonstrated a project called Screaming Fist, also aimed at creating a hacker quadcopter.

Now, however, the problem is moving from theory to reality. Linares says it all started when the victim company detected unusual activity on an Atlassian Confluence internal page that originated from the company’s network.

The security team responded quickly and discovered that an employee whose MAC address was used to partially access the company’s Wi-Fi network also logged into the system at home many miles from the office. That is, the user was active outside the office, but someone who was within range of the building’s Wi-Fi network tried to use his MAC address.

The team then tried to trace the Wi-Fi signal using Fluke’s system to identify the device. This led the defenders to the roof of the building, where they found modified DJI Matrice 600 and DJI Phantom drones.

According to Linares, the Phantom was in excellent condition and had a modified Pineapple WiFi pentester device on board. The Matrice drone did bring a case that contained a Raspberry Pi, several batteries, a GPD mini laptop, a 4G modem, and another Wi-Fi device. This drone landed next to the heating and ventilation system of the building and looked damaged, although it also worked.

During the investigation, it was determined that the DJI Phantom drone was originally used a few days before this attack to intercept the employee’s credentials and Wi-Fi. This data was later hard-coded into tools that were deployed using Matrice.explains Linares.

According to the expert, the tools on the drones were used to target the company’s internal Confluence page in an attempt to gain access to other internal devices and the credentials stored there.

Attackers specifically target restricted networks used by both third parties and internally and that are poorly secured due to some recent company change (e.g., restructuring/rebranding, moving to a new building, new network settings, or a combination of these scenarios). For this reason, the temporary network, unfortunately, had limited access to login (credentials + MAC). The attackers used the attack to access an internal Confluence server that contained different credentials to access other resources.says the specialist.

The analyst believes that the attackers were well prepared for their attack: they spent several weeks on reconnaissance, were close to the target environment, had a good budget, and knew what physical security restrictions they would have to face.

Linares sums up that the attack had “limited success”, though the third drone attack he personally witnessed in the past two years.

Now in 2022 we are seeing some truly amazing drone advancements in the areas of power, range and capability (like the amazing synchronized drone shows in China, they are fantastic).

At the same time, drone payload options are getting smaller and more efficient (like Flipper Zero), and this creates viable attack models that make sense in real life. Companies operating in the fields of fintech, crypto and supply chain, as well as important software vendors, can be ideal targets for such attacks, where an attacker can easily cover their operating costs through immediate financial gain or access to more promising targets.the expert concludes.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove Pbmsoultions pop-up ads (Virus Removal Guide)

Pbmsoultions.com is a domain that tries to trick you into clik to its browser notifications…

11 hours ago

Remove Prizestash pop-up ads (Virus Removal Guide)

Prizestash.com is a site that tries to trick you into subscribing to its browser notifications…

12 hours ago

Remove Verifiedbreaking pop-up ads (Virus Removal Guide)

Verifiedbreaking.com is a domain that tries to force you into subscribing to its browser notifications…

12 hours ago

Remove Themoneyminutes pop-up ads (Virus Removal Guide)

Themoneyminutes.com is a domain that tries to force you into subscribing to its browser notifications…

12 hours ago

Remove News-xcidizi pop-up ads (Virus Removal Guide)

News-xcidizi.com is a domain that tries to trick you into clik to its browser notifications…

15 hours ago

Remove Everytraffic-flow pop-up ads (Virus Removal Guide)

Everytraffic-flow.com is a domain that tries to trick you into subscribing to its browser notifications…

15 hours ago