hacking the drones
play

Hacking the Drones Aatif Khan Aatif Khan Full Time PenTester | - PowerPoint PPT Presentation

Jun 04, 2023 •416 likes •1.14k views

Hacking the Drones Aatif Khan Aatif Khan Full Time PenTester | Part time Trainer Over a decade of experience in Information Security. Previously presented talks at OWASP Netherlands, Singapore, Malaysia, India and Dubai.

  1. Hacking the Drones Aatif Khan

  2. Aatif Khan  Full Time PenTester | Part time Trainer  Over a decade of experience in Information Security.  Previously presented talks at OWASP Netherlands, Singapore, Malaysia, India and Dubai.  Authored papers on Android Application Penetration Testing, Hacking the Drones, Web Security 2.0, Advance PersistenceThreats,WAF Filter and Bypass.

  3. Agenda  Drones - Introduction  Taking over Parrot AR Drone 2.0  GPS Spoofing over DJI Phantom 3

  4. Note The intention of this talk is to spread awareness for proper usage of Civil Drones legally and show more options among cyber security researchers for performing penetration testing on Civil Drones and thus finding loopholes in civil drones and to make drones more secure, so that it doesn’t fall in wrong hands.

  5. Future with Drones  FAA predicts it'll be a $90 billion industry within 10 years.  Amazon secret R & D team making their automated drones with Sense and Avoid technology.  Many Government agencies using Civil Drones for Surveillance.  Rakuten, Japanese e-commerce giant about to finish their manufacturing of drones.

  7. Video: Domino’s Pizza Delivery

  8. Nigerian Government – Monitoring Oil theft

  9. Flying Camera

  10. Flying Gun

  11. Drones - Introduction

  12. Drones - Introduction Fly up around a 35-story building like Superman, onto private property areas that you literally need wings to get you there.

  13. Drones Hardware Details  Drones are typically run by 2.4 gigahertz radio waves.  Controllers which can be gamepad-like controllers to smartphones or tablets.  GPS chip relays its location to the controller and also logs the aircraft’s takeoff spot in case it needs to return unassisted.

  14. Drones position in the air  Onboard sensors keep drones up in the air.  Altimeter to maintain that height.  GPS chip helps to hold the drone within the x and z axes.  Drones like DJI’s larger rigs can withstand wind blow of up to 50 miles per hour.

  15. Drones are Autonomous  Estimation and Control Algorithms working on Drones lets it to fly autonomously in circles, or return to base path if the communication link is lost.  It balances Anything kept on it, even if you disrupt it. It goes back again to balance position.

  16. How Drones are Self Reliant  Drones have multiple rotors and propellors in order to achieve the level of control necessary to be self-reliant.  More than one propellor gives drones more fail-safes.  If one motors fails, remaining motors keep the aircraft still in air.  More rotors you have, the more lift an aircraft will generate, allowing it to carry a heavier payload eg: Camera

  17. Power Source to keep Drone Flying  Drones typically come with a removable battery that provides around 12 minutes of flight time.  Many drone makers sell extra batteries, and you can even upgrade them to get up to 25 minutes of flight.  But more power means more weight, which is why these machines get such little airtime.

  18. Communication Method  GPS provides accurate position data/return home for your drone.  Wi-Fi provides the ability to transmit heavy amounts of data to and from the drone within a specific control radius.  Bluetooth provides another method for transmitting information to and from the drone.  900Mhz/433Mhz provides longer range communication at a slower data rate.

  19. Controlling the Drone http://rcexplorer.se/projects/2013/03/fpv-to-space-and-back/

  20. No Drone Zone

  21. Based on rules and regulations of the UK Air Navigation Order (CAP393)

  23. No Fly Zone – www.noflyzone.org

  26. Laws in UK (Brief Overview)  Drone weighs less than 20kg  Not using it for commercial reasons  Avoid flying it within 150 meters of a congested area and 50 meters of a person, vessel, vehicle or structure not under the control of the pilot  Can’t go above 400 feet in altitude or further than 500 meters horizontally. If you want to exceed that, you need to seek explicit permission from the Civil Aviation Authority (CAA).  Anyone using a drone for commercial use is also required to seek permission from the CAA. T o get a license you will have to show that you are “sufficiently competent”.  Always keep your drone away from aircraft, helicopters, airports and airfields  Use your common sense and fly safely; you could be prosecuted if you don't.  The House of Lords EU Committee is calling for the compulsory registration of all commercial and civilian drones, claiming that it would allow the government to track and manage drone traffic and address safety concerns.

  27. Drones Law UK  https://www.caa.co.uk/drones/  http://uavcoach.com/eu-uk-drone-regulations-an-inside- look/  http://www.noflydrones.co.uk/

  28. Protection against the Drones DroneDefender – Anti-Drone Shoulder Rifle  Remote Control Drone Disruption  GPS Disruption

  29. Video: DroneDefender

  30. Parrot AR Drone 2.0 Specs 1 GHz 32 bit ARM Cortex A8 processor with 800MHz video DSP TMS320DMC64x OS - Linux 2.6.32 RAM – 1 GB Front Cam – 720p Ground Cam – QVGA USB – Onboard, use flash drive Wi-Fi – 802.11 a/b/g/n Utrasonic Altimeter

  31. Security Vulnerabilities of the AR.Drone 2.0 Parrot AR Drone 2.0 uses Open Wi-Fi as a communication method between Drone and Controller.

  32. Parrot AR Drone 2.0 when connected to iPad

  33. Security Vulnerabilities of the AR.Drone 2.0 Parrot AR Drone 2.0 running with open Wi-Fi iPad – Drone Controller

  34. Security Vulnerabilities of the AR.Drone 2.0 Parrot AR Drone 2.0 running with open Wi-Fi iPad – Drone Controller Laptop running Linux

  35. Use aireplay-ng to de-authenticate the Drone Controller aireplay-ng -0 20 -a A0:14:3D:BC:02:14 -c 00:0F:B5:FD:FB:C2 wlan0 a – MAC Address of Parrot Drone c – MAC Address of Controller connected to the Drone 20 – Approximate De-authentication packets need to be sent to disconnect controller( here - iPad) from the Parrot AR Drone 2.0

  36. Demo Video: De-authentication of Controller

  37. MAC Address for Parrot AR Drone 2.0 http://standards-oui.ieee.org/oui/oui.txt

  38. NMAP Scan on Parrot AR Drone 2.0

  39. Open FTP Connection

  40. Open telnet Connection – root shell running BusyBox

  41. Video: Power-Off Drone

  42. CPU and RAM Info

  43. All programs run under the root account

  44. Disk Space

  45. Controlling Drone from your Laptop Browser 1) Install the node.js interpreter sudo apt-get install node 2) Clone the project's git repository git clone https://github.com/functino/drone-browser.git 3) Connect your computer to the drone's Wi-Fi network 4) Run the code: node ./server.js 5) Connect your browser to the node server by pointing it to http://localhost:3001

  46. Controlling Drone from Laptop  Not as easy and flexible as your smartphone  Write some javascript code that can be interpreted as an instruction to Fly the Drone  Begin by creating a file called repl.js: var arDrone = require('ar-drone'); var client = arDrone.createClient(); client.createRepl();

  47. Code to take off, spin clockwise, and land node ./repl.js // Make the drone takeoff drone> takeoff() true // Wait for the drone to takeoff drone> clockwise(0.5) 0.5 // Let the drone spin for a while drone> land() true // Wait for the drone to land

  48. DJI Phantom 3 Professional Drone DJI App maintains database of No Fly Zone On iOS devices it has database - .flysafeplaces.db It contains more than 10,000 entries of location which are marked as No Fly Zones. What If DJI Phantom gets attacked by GPS Spoofing and gets landed in No Fly Zone?

  49. GPS Spoofing Civil GPS is the most popular unauthenticated protocol in the world.

  50. GPS Spoofing Impact

  51. Heavy reliance on civilian GPS  Vehicular navigation and aviation  Time synchronization; time stamping in security videos, financial, telecommunications and computer networks.  Track trucks, cargoes, and goods under GPS surveillance.  Courts rely on criminals being correctly tracked by GPS.

  52. Civil GPS Signals  detailed structure but no built-in defense  Susceptible to spoofing attacks which make GPS receivers in range believe that they reside at locations different than their real physical location.  The drone’s GPS receiver is one of the biggest weaknesses, being dependent on the unencrypted civilian GPS.

  53. ( Military v/s Civilian ) GPS Signals  Civilian GPS signals were never intended for safety and security-critical applications.  Unlike military GPS signals, civilian GPS signals are not encrypted or authenticated.  In civilian GPS, the signals are spread using publicly known spreading codes.  The codes used for military GPS are kept secret; they serve for signal hiding and authentication.

  54. Major Loopholes in GPS System  Receiver is unable to distinguish the spoofed signal from the authentic one  GPS Signals are not encrypted

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical?

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical?

ETHICAL HACKING Daniel Cloherty CAN HACKING BE ETHICAL? What makes hacking ethical? Legality VS Ethics State Sanctioned hacking BLACK HAT - Stereotypical Hacker -Stealing data for personal gain -Obviously not ethical -Using

1.17k views • 10 slides
Erle Robotics: "Linux Drones & the App Store for Drones We make artificial robotic

Erle Robotics: "Linux Drones & the App Store for Drones We make artificial robotic

Erle Robotics: "Linux Drones & the App Store for Drones We make artificial robotic brains that power robots and drones. Today with you Vctor Mayoral Vilches Alejandro Hernndez Iigo Muguruza Robotics Robotics Robotics

1.26k views • 51 slides
Drones (UAS): General Information, Uses and Applications Also known as UAS: Unmanned Aerial

Drones (UAS): General Information, Uses and Applications Also known as UAS: Unmanned Aerial

Drones (UAS): General Information, Uses and Applications Also known as UAS: Unmanned Aerial System Industrial or Occupational Use Drones 4K video 12 MP Digital Camera FPV (First Person View) Applications (uses) for Drones

502 views • 36 slides
DRONES What are drones? Unmanned Aerial Vehicle (UAV). Informally known as the Drone, it is

DRONES What are drones? Unmanned Aerial Vehicle (UAV). Informally known as the Drone, it is

Unmanned Aerial Vehicles a.k.a DRONES What are drones? Unmanned Aerial Vehicle (UAV). Informally known as the Drone, it is a flying aircraft with no pilot inside . Can navigate autonomously by onboard computers or by using a

462 views • 23 slides
Breakout Sessions! @Advisen Drones: The Risk from Above Drones: The Risk from Above Thomas

Breakout Sessions! @Advisen Drones: The Risk from Above Drones: The Risk from Above Thomas

Welcome to the Breakout Sessions! @Advisen Drones: The Risk from Above Drones: The Risk from Above Thomas Klaus Justin Green Partner, Aviation Attorney Vice President, Willis Aerospace Americas Kreindler & Kreindler LLP

181 views • 17 slides
The HSE and drones M (Flip) Sandell HM Inspector of Health and Safety Entertainment and Leisure

The HSE and drones M (Flip) Sandell HM Inspector of Health and Safety Entertainment and Leisure

The HSE and drones M (Flip) Sandell HM Inspector of Health and Safety Entertainment and Leisure Sector HSE Drones at work The HSE and drones HSE, CAA, AAIB and the Police all have a role in the regulation. Breaks down as you would

133 views • 11 slides
American Opinions On the Use of Armed Military Drones What Is A Drone? Unmanned Aerial

American Opinions On the Use of Armed Military Drones What Is A Drone? Unmanned Aerial

American Opinions On the Use of Armed Military Drones What Is A Drone? Unmanned Aerial Vehicle Until recently drones have been used exclusively as combat surveillance vehicles Drones have recently been outfitted with weapons

384 views • 17 slides
War of the Drones Bruzzone Agostino, Full Professor University of Genoa, Italy 1 , Di Bella Paolo,

War of the Drones Bruzzone Agostino, Full Professor University of Genoa, Italy 1 , Di Bella Paolo,

IT 2 EC 2020 IT 2 EC Extended Abstract Template Simulation for Better Operational Decisions: Game of Drones / War of the Drones War of the Drones Bruzzone Agostino, Full Professor University of Genoa, Italy 1 , Di Bella Paolo, Colonel ITA Army,

343 views • 7 slides
Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking

Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking

Hacking Reinforcement Learning Guillem Duran Ballester Guillemdb @Miau_DB A tale about hacking AI-Corp Hacking RL 1. Information gathering 2. Scanning 3. Exploitation & privilege escalation 4. Maintaining access & covering tracks

960 views • 62 slides
Autonomous drones for inspection of enclosed spaces When will enclosed space inspection by drones

Autonomous drones for inspection of enclosed spaces When will enclosed space inspection by drones

Autonomous drones for inspection of enclosed spaces When will enclosed space inspection by drones become an accepted practice in maritime and offshore operations? Every year people die inspecting enclosed spaces. These spaces can contain depleted

254 views • 4 slides
DRONES AND THEIR USE AT SPORTING EVENTS 2 WILL GLOVER - FLEYE AERIAL DRONES AND THEIR USE AT

DRONES AND THEIR USE AT SPORTING EVENTS 2 WILL GLOVER - FLEYE AERIAL DRONES AND THEIR USE AT

1 WILL GLOVER - FLEYE AERIAL DRONES AND THEIR USE AT SPORTING EVENTS 2 WILL GLOVER - FLEYE AERIAL DRONES AND THEIR USE AT SPORTING EVENTS WHAT ARE WE COVERING - WHO? - WHAT? - CASE STUDY - AUDIENCE EVENT - SUMMARY - ANY QS WHAT

399 views • 29 slides
About the GSMA Drones Interest Group Members GSMA Position on Drones GSMA have created a policy

About the GSMA Drones Interest Group Members GSMA Position on Drones GSMA have created a policy

About the GSMA Drones Interest Group Members GSMA Position on Drones GSMA have created a policy position, on behalf of the mobile industry, to explain to policy makers and regulators the benefits of using mobile networks to provide cellular

1.04k views • 39 slides
Accurate Mapping using Drones The fundamentals to obtain true photogrammetric accuracy are still

Accurate Mapping using Drones The fundamentals to obtain true photogrammetric accuracy are still

1/12/2016 Accurate Mapping using Drones The fundamentals to obtain true photogrammetric accuracy are still the same Richard Russell - Technical Director Drone Services (Fiji) Pte Ltd powered by Excitement and potential of autonomous drones

246 views • 11 slides
Hardware & Software Platform for Next Generation Industrial Drones Chetak Kandaswamy Kai Yan

Hardware & Software Platform for Next Generation Industrial Drones Chetak Kandaswamy Kai Yan

Hardware & Software Platform for Next Generation Industrial Drones Chetak Kandaswamy Kai Yan Helmut Prendinger Whats next in industry drones? Market: Technical topics: Infrastructure inspection Advanced controller (No GPS,

391 views • 18 slides
CONSTRUCTION MONITORING HOW PHOTOGRAMMETRY AND DRONES WILL BECOME INTEGRAL TO THE BIM PROCESS

CONSTRUCTION MONITORING HOW PHOTOGRAMMETRY AND DRONES WILL BECOME INTEGRAL TO THE BIM PROCESS

A NEW APPROACH TO CONSTRUCTION MONITORING HOW PHOTOGRAMMETRY AND DRONES WILL BECOME INTEGRAL TO THE BIM PROCESS julian.norton@pix4d.com www.pix4d.com 24.11.2017 WE TAKE IMAGES CAPTURED BY DRONES www.pix4d.com CONVERT THEM INTO 3D MODELS

671 views • 23 slides
Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1

Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1

Hacking SecondLife Michael Thumann Hacking SecondLife by Michael Thumann 2/24/08 1 Disclaimer Everything you are about to see, hear, read and experience is for educational purposes only. No warranties or guarantees implied or

692 views • 47 slides
NTP Toxicology and Carcinogenicity Studies of Cell Phone Radiofrequency Radiation Michael Wyde,

NTP Toxicology and Carcinogenicity Studies of Cell Phone Radiofrequency Radiation Michael Wyde,

NTP Toxicology and Carcinogenicity Studies of Cell Phone Radiofrequency Radiation Michael Wyde, PhD, DABT National Toxicology Program National Institute of Environmental Health Sciences June 8, 2016 BioEM2016 Meeting, Ghent, Belgium

660 views • 32 slides
Radiation Therapy ICTP School on Medical Physics March 25 April 5, 2019 Miramare, Trieste

Radiation Therapy ICTP School on Medical Physics March 25 April 5, 2019 Miramare, Trieste

Sub-systems of Linear Accelerators for Radiation Therapy ICTP School on Medical Physics March 25 April 5, 2019 Miramare, Trieste Yakov Pipman, DSc We all know about Linear Accelerators KARZMARK C.J., NUNAN C.S., TANABE E., Medical

708 views • 55 slides
Accelera'on I Accelerators o+en require coupling intense

Accelera'on I Accelerators o+en require coupling intense

Accelera'on I Accelerators o+en require coupling intense radio-frequency (RF) wave with a charged par=cle velocity d E v E dt = qv v.E E change in

448 views • 15 slides
Performance Characterization of LCLS-II Superconducting Radiofrequency Cryomodules Ruth Gregory

Performance Characterization of LCLS-II Superconducting Radiofrequency Cryomodules Ruth Gregory

FERMILAB-SLIDES-17-024-AD Performance Characterization of LCLS-II Superconducting Radiofrequency Cryomodules Ruth Gregory Lee Teng Internship Final Presentation In partnership with: 9 August, 2017 This manuscript has been authored by Fermi

302 views • 15 slides
ESRF Operation Status Report & Phase I and II Accelerator Upgrade Programme P. Raimondi On

ESRF Operation Status Report & Phase I and II Accelerator Upgrade Programme P. Raimondi On

ESRF Operation Status Report & Phase I and II Accelerator Upgrade Programme P. Raimondi On behalf of the Accelerator & Source Division Oxford, September 9 - 2014 ACCELERATOR AND SOURCE DIVISION (ASD) PROGRAMME Deliver the X-ray

915 views • 40 slides
Chapter 14: NMR Spectroscopy A. Introduction MS and IR can provide MW and a few other

Chapter 14: NMR Spectroscopy A. Introduction MS and IR can provide MW and a few other

14-1 Chapter 14: NMR Spectroscopy A. Introduction MS and IR can provide MW and a few other details, but we generally need way more info to fully determine a structure. Nuclear magnetic resonance (NMR) spectroscopy is a very powerful

675 views • 32 slides
NMR, ESR, Mssbauer (SR) (for solid- state physics magnetism) P. Mendels Metals Lab.

NMR, ESR, Mssbauer (SR) (for solid- state physics magnetism) P. Mendels Metals Lab.

NMR, ESR, Mssbauer (SR) (for solid- state physics magnetism) P. Mendels Metals Lab. Physique des solides Correlated electrons Frustrated magnetism Univ. Paris-Sud Orsay Superconductivity Spin liquids Spin chains NMR, ESR,

1.66k views • 121 slides
Importance of Dosimetry for Microwave Radiation including WiFi Karl Maret M.D., M.Eng.,

Importance of Dosimetry for Microwave Radiation including WiFi Karl Maret M.D., M.Eng.,

Importance of Dosimetry for Microwave Radiation including WiFi Karl Maret M.D., M.Eng., B.Sc.(EE) President Dove Health Alliance Aptos, CA kmaret@cruzio.com (831) 662-8421 (Clinic) Sources of RF/Microwave Radiation Cell Phones DECT

656 views • 46 slides

More recommend