UAV WASP has learned to intercept GSM-traffic

A year ago, American amateur hackers Mike Tassi (Mike Tassey) and Richard Perkins (Richard Perkins) designed the first version of the WASP drone, which flew around the territory along a given route and collected information about WiFi networks. They took the MiG-23 model, installed Via Epia 10000G Pico ITX computer (1GHz Via C7, 1 GB RAM) running Windows XP, ArduStation telemetry interface and ArduPilot automatic piloting system. They named their development the Wireless Aerial Surveillance Platform (WASP) and posted on the Internet links to all the necessary information on the assembly (for obvious reasons, they cannot publish step-by-step instructions themselves).

On the eve of Defcon 2011, they made a new, more advanced version of WASP . The computer is installed Via Epia PX5000EG Pico ITX PC (500 MHz Via C7, 1 GB RAM), but already running Linux BackTrack 5. Included is a program for bruteforce with a dictionary of 340 million words. Now WASP is able not only to use open hotspots, but also to crack some of the closed WiFi.

In addition, WASP learned to work as a mobile GSM station, accepting GSM connections and using 4G cards by redirecting them via VoIP, seamlessly for the subscriber. Redirection is done so that the call does not stop and it can be recorded. Conversations and SMS are recorded in the internal memory of 32 GB.
')


WASP uses the well-known weakness in the GSM system since 1993 , when a fake base station, with sufficient signal strength, is able to absorb the GSM traffic of nearby subscribers. When the phone is connected, the station sends the command to disable encryption. During last year’s demonstration at Defcon, a fake base station connected to at least 30 phones, after which IMSI, IMEI, dialed numbers and audio recordings of all seventeen calls made were recorded.

A WASP drone carries a similar base station, only with a higher power transmitter.