If the privacy concerns surrounding drones were not sufficient, researchers have discovered a method which can enable the UAVs to hack into wireless printers.
A Singapore-based team of cybersecurity researchers had invented a method whereby the transmissions from a wireless printer can be intercepted by deploying smartphones that are strapped on to drones.
"Flying a drone equipped with an Android smartphone and special app the team has developed, enabled remote scanning and access to unencrypted wireless office printers," notes the iTrust team.
The research team behind this exploit is from Singapore University of Technology and Design's iTrust. The technology developed by iTrust, in tandem with an app, can allow one to gain access to a user's network through the smartphone-equipped UAV. This will enable the automatic hacking of a wireless printer, resulting in the cyber attackers making off with secure documents from printers that have open Wi-Fi connections.
The purpose of the project was to bring to light that printers are a weak link and can be an easy target for cyberattacks. Hackers looking to steal sensitive data or get into an organization's networks can utilize this vulnerability for waging an attack.
For the purpose of the study, the researchers deployed a DJI drone and a smartphone from Samsung. The handset was rooted to install another OS. The iTrust team also developed an application, which would steal the print job documents automatically by acting like the real printer.
How does the drone-waged cyber-attack work?
Once the app identified an open printer Wi-Fi network, it established an identical wireless access point on the smartphone strapped onto the drone. The drone would hover near the Wi-Fi coverage area of the office premises. The app which mimicked the printer would trick the employees into believing that the sent a document for printing to the in-house printer, whereas it would actually be sent to the smartphone.
Once the smartphone has the data it sends it to the cloud through mobile data to the hacker's Dropbox. Interestingly, to not draw any suspicion, the hacker is able to channel the print job back to the original printer. This way the employee still get the printout - but with delay.
Another app dubbed Cybersecurity Patrol was developed by the researchers during the study, which could detect any available printers with open Wi-Fi. However, instead of waging an attack through the drone, this app would click images of the printers which were compromised and send them to the company's CIO.
The app also sent across a print job to the organization giving details of how the company could secure the compromised printers which had been identified from their SSID.
