Vulnerability Testing of Wireless Access Points Using Unmanned Aerial Vehicles (UAV)

S.G. Vemi, Christo Panchev

    Research output: Chapter in Book/Report/Conference proceedingChapter

    770 Downloads (Pure)


    Wireless networks are essential part of our everyday life - we are using them at home, workplace, cafe shops and many other public places. Moreover, people trust such connections and readily use them to transfer sensitive information. With an explosive increase of their use we need expand the aspect of evaluating the security issues wireless networks. Majority of household are using the latest secured protocols the WPA2 with a government grade standard nowadays. These protocols are still vulnerable to dictionary attacks that are normally carried out by recording three-way handshakes between the wireless router and the connected client. This method is really common and widely used - its success depends on the strength of the password being used. The research presented here shows another efficient method of hijacking and breaking into home networks is by using a Man-in-the-Middle type attack. The proposed system is implemented on a Raspberry Pi carried by a drone. While until recently UAV's (Unmanned Aerial Vehicles) have been used mainly by militaries and some specialist organisations, nowadays they have become widely available, cheaper and user friendly. The use of a drone allows the system to cover a wide area of potential targets as well as relatively quickly move from one target and WiFi network to another. The system is based on war flying using commercially available drones (Wang, 2006). The main goal of this project is to be able to hijack a wireless connection session between a connected tablet PC and Access Point using WPA2 encryption. We will be able to automate a Man in the Middle attack just by flying the drone around a certain area, setting up a rogue access point and being able to harvest important credentials from the targeted wireless networks and connected devices. The system is based on a number of open source Wi-Fi penetration testing and configuration tools including iwconfig or airmon-ng and custom scripts. The drone payload (Raspberry Pi B+) is using two wireless dongles; one for monitoring the wireless networks and the other one for being the rogue access point. The Raspberry Pi is powered by a 1000 mAh battery and carried by a DJI Phantom Drone. The device is also capable of other types of attacks. Such as disconnecting devices from its currently connected networks or causing denial of service attack against wireless routers/hubs while remaining stealthy to the victim(s) and operating from a distance.
    Original languageEnglish
    Title of host publicationProceedings of the European Conference on e-Learning
    PublisherAcademic Conferences and Publishing International
    Publication statusPublished - Jan 2015


    Dive into the research topics of 'Vulnerability Testing of Wireless Access Points Using Unmanned Aerial Vehicles (UAV)'. Together they form a unique fingerprint.

    Cite this