Nate Krussel, Maxine Major, and Theora Rice

Presentation transcript:

Nate Krussel, Maxine Major, and Theora Rice
The Parrot AR.Drone 2.0

Overview: Parrot AR Drone 2.0
- Purchased off Amazon
  - ~$300 for everybody
  - 2 day prime shipping
- Works out of the box
  - No assembly required, charge the battery, download the application and fly
  - Comes with special hull for flying indoors
- Embedded Linux on SoC
- Atheros chipset

Overview: Free Flight App
- Runs on Android and iOS
  - No Windows Phone app
- Uses gyros and accelerometers to control the flight
- Failsafe: if hands not on device, drone attempts to hover in place.

Early Thoughts
Experiments:
- Use Wireshark to sniff traffic
- Take over drone control
  - App and PC
- Hijack the video
- Hard crash the drone, similar to the emergency landing built into the drone

Wireshark
- Connected to the AR.Drone Wi-Fi to sniff the traffic
- Pattern identification
- Wireshark didn’t show any traffic
  - ARP packets, not much else

Wireshark Conclusion
- Wireshark couldn’t identify packets used to transmit data
  - Used a packet different from normal TCP/IP and didn’t know how to display it
- Need to use a raw packet dump and try to analyze it that way

Drone Hacks / Mods
Hack #1: Program Drone over Wi-Fi
- Node.js
  - Platform built on Chrome’s JavaScript runtime
- Install AR Drone module
  - Client for controlling AR Drone (nodecopter.com)
- Save flight commands to file
- Auto-execute drone actions
- This method also included untrusted .js files

Drone Hacks / Mods
Hack #2: Program Drone over Wi-Fi
- Packets sent as UDP/TCP
- Single UDP contains 1+ command(s)
- AT*REF: takeoff, landing, reset, stop
- Ports:
  - Port 5556: UDP packets with regular commands
  - Port 5554: Reply UDP data packets from AR.Drone
  - Port 5555: Reply video stream packets from AR.Drone
  - Port 5559: TCP packets for critical data that cannot be lost, usually for configuration

Drone Hacks / Mods
Hack #3: Exploration of internals
- Airodump-ng capture of drone Wi-Fi
  - Revealed open access point
- Aireplay -0 deauth attack
- ARP scans
- Nmap
  - ftp, telnet ports left open

Projecting Video …The Hard Way

Projecting Video …The Easy Way
- Telnet
  - telnet 192.168.1.1
- ffplay (ffmpeg)
  - ffplay tcp://192.168.1.1:5555

Video Demo

Optional Modifications
- Blinking LED lights
- Upgraded Blades/Rotors
- Long-life replacement batteries
  - 1000mAh standard, 1500mAh
- RF controller … for lights, etc.
- Radio upgrade
- Prop axle brushing replacement
- Upgraded camera

Attacks
- Using Telnet to get into the drone (no security, default is open)
- Typing “Reboot” will cause the drone to restart, and it will fall, but can reconnect after it finishes restarting.

Attacks Using Telnet
- Using “netstat -pantu” then identifying the connected person and their TCP stream.
- Then typing “Kill <pid>” will cause the drone to fall out of the sky; it needs to be restarted before it will fly again from any user.
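For monitoring a drone's network, the port table from Hack #2 and the open Telnet/FTP services from Hack #3 can be turned into a small detection pass over captured packets. This is an added example, not code from the presentation; the `AT*NAME=seq,args` carriage-return layout, the `AT*PCMD` name, the controller addresses and the sample packets are assumptions or constructed values.

```python
import re

# Port roles from the Hack #2 slide, plus the Telnet/FTP services Hack #3 found open.
PORT_ROLES = {
    ("udp", 5556): "at-commands",
    ("udp", 5554): "navdata-reply",
    ("tcp", 5555): "video-stream",
    ("tcp", 5559): "config",
    ("tcp", 23): "telnet",
    ("tcp", 21): "ftp",
}
# Assumed layout: AT*NAME=<sequence>[,<args>] terminated by a carriage return.
AT_RE = re.compile(rb"AT\*([A-Z_]+)=(\d+)(?:,([^\r]*))?")


def parse_at(payload):
    """Split one UDP payload into (name, seq, args); a datagram may carry several."""
    return [(m[1].decode(), int(m[2]), (m[3] or b"").decode())
            for m in AT_RE.finditer(payload)]


def review(packets, drone_ip):
    """Return sorted findings for traffic addressed to the drone."""
    findings, ref_senders = set(), set()
    for src, dst, proto, dport, payload in packets:
        if dst != drone_ip:
            continue
        role = PORT_ROLES.get((proto, dport))
        if role in ("telnet", "ftp"):
            # Unauthenticated admin services: any session deserves a look.
            findings.add(f"{role} session to drone from {src}")
        elif role == "at-commands":
            if any(name == "REF" for name, _, _ in parse_at(payload)):
                ref_senders.add(src)
    if len(ref_senders) > 1:
        # Only one controller should be issuing takeoff/landing commands.
        findings.add("AT*REF from multiple controllers: " + ", ".join(sorted(ref_senders)))
    return sorted(findings)


# Constructed sample capture: (src, dst, proto, dst_port, payload).
SAMPLE = [
    ("192.168.1.2", "192.168.1.1", "udp", 5556, b"AT*REF=1,0\rAT*PCMD=2,1,0,0,0,0\r"),
    ("192.168.1.1", "192.168.1.2", "udp", 5554, b"\x00"),
    ("192.168.1.3", "192.168.1.1", "tcp", 23, b""),
    ("192.168.1.3", "192.168.1.1", "udp", 5556, b"AT*REF=1,0\r"),
]

if __name__ == "__main__":
    for line in review(SAMPLE, "192.168.1.1"):
        print(line)
```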

Attack 1 Demo

Hardening
- Repeater
- AR.Assist – Windows Wizard
  - Use to connect drone to WiFi hotspot
  - Now locked to that hotspot
  - Can be permanent
- http://www.shellware.com/BlogEngine.Web/post/2011/02/12/ARAssist-Infrastructure-Wi-Fi-Enabling-Your-ARDrone-Made-Easy.aspx

Hardening
- Reload the Linux kernel
  - Lots of time and effort

Operation Stux2bu
- Attack 1: No security, reboot with lock-out capability
  - Responds to Telnet only
- Attack 2: With security, MAC Spoofing, Attack 1
- Attack 3: Jamming the signal
- Attack 4: Floss...in the rotors

Sources
- http://www.shellware.com/BlogEngine.Web/post/2011/02/12/ARAssist-Infrastructure-Wi-Fi-Enabling-Your-ARDrone-Made-Easy.aspx
- http://www.lawfareblog.com/2012/09/operation-stux2bu-layered-offense-and-defense-and-drone-cyberattacks/
- https://www.robotappstore.com/Knowledge-Base/How-to-Program-ARDrone-Remotely-Over-WIFI/96.html
- http://www.libcrack.so/2012/10/13/hacking-the-ar-drone-parrot/
- http://dronemediaproject.com/resources-3/drone-hack/
- http://dronescapes.com/dronepage3.html
- http://droneflyers.com/2013/02/ar-drone-modifications/