UPDATED 20:43 EST / AUGUST 06 2015

NEWS

Boeing and Hacking Team may soon be dropping malware from the skies via drone

Drones already have a variety of purposes from delivering bombs and spying on foreign countries (for the military) or delivering packages (someday for Amazon.com) but it soon that thanks to Boeing Company and Hacking Team drones may be engaged in cyberwarfare sooner than expected–assuming drones aren’t already.

Hacking Team is a Milan-based malware company implicated for trading cyberwarfare and surveillance software with repressive governments after having been caught with its pants down in a 400GB leak of hacked documents and data. Boeing is best known as a multinational corporation that produces airplanes, such as the 747 passenger plane, but also makes rockets, helicopters, and satellites.

As part of the 400GB data leak from Hacking Team, e-mails published by Wikileaks show the malware developer offering surveillance software, or “network injector[s]”, that can be “transportable by a drone (!).”

The use case is obvious: a military power wants to intercept communications or gain information on a particular target. Having identified the area this target might be in, a drone flies over and uses its network injection capability to upload malware onto cellular mobile devices in the area. The military organization then has access to those mobile devices to gather information from them or even take control of the operating system.

Groups such as Hacking Team use zero-day exploits (or unpatched security loopholes) to allow the introduction of malware into computers and mobile devices. Already there has been a recent exploit that affects Android called Stagefright that is currently being patched.

The Washington Post published a claim that Boeing and Hacking Team were in talks to deliver this sort of technology.

However, in the same article, a Hacking Team representative claims that the company and Boeing have “no business relationship at all.”

Boeing representatives, however, did not deny that they were interested in potentially delivering hacking software via drone for customers interested in the capability. But also did not mention any involvement with Hacking Team.

“Understanding the payload technologies available to our customers in this market is essential to providing them with the services they require,” Boeing told The Washington Post.

A scourge from the skies: drones delivering malware

“Drones? Hacking? Kind of the same thing or at least tied together, very closely. Hackers have been taking to the skies since drones first became available,” says Security Analyst John Casaretto. “Of course these are now turning into ‘actual’ projects, and quite frankly, I think we all welcome—finally–some offensive cyber security measures.”

He adds that hackers are inspired by and inspire numerous technologies already in use today and that the applications of those technologies—drones in this example—extend from a variety of needs and interests. Interests that include military interests.

“I believe the immediate driver however is obvious,” he adds, “and reading between the lines, I would be inclined to think that most people would deduce the same–something military sponsored and offensive in nature, which would be tremendous.”

Malware isn’t the only way that a drone could be used to surveil people electronically. Already fake cell phone towers, or IMSI-catchers (International Mobile Subscriber Identity) have been deployed terrestrially for applications such as StingRay in the United States and possibly the United Kingdom.

A drone acting as a fake cell tower to capture and relay cellular phone traffic could certainly be used to surveil conversations being held over voice, but more importantly could be used to capture and modify data being passed to the phones. This is where the “network injector” portion of the drone comes into play.

For example, an Android update is being pushed out (or the drone fakes an update) and the drone uses an exploit to break the security on a target phone to introduce a piece of malware into that update. Or, perhaps a less-critical piece of software that has permissions given by the user useful to the attackers can be intercepted and updated in transit to include malware.

Photo credit: Boeing; the A160 Hummingbird chopper-drone during a test flight.

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU