Presentation is loading. Please wait.

Presentation is loading. Please wait.

Nate Krussel, Maxine Major, and Theora Rice

Published byRosemary Odham Modified over 9 years ago

Similar presentations

Presentation on theme: "Nate Krussel, Maxine Major, and Theora Rice"— Presentation transcript:

1 Nate Krussel, Maxine Major, and Theora Rice
The Parrot AR.drone 2.0

2 Overview Parrot AR Drone 2.0 Purchased off Amazon Works out of the box
~ $300 for everybody 2 day prime shipping Works out of the box No assembly required, charge the battery, download the application and fly Comes with special hull for flying indoors Embedded Linux on SOC Atheros chipset

3 Overview Free Flight App Runs on Android and IOS
No Windows phone app Uses gyros and accelerometers to control the flight Failsafe: if hands not on device, drone attempts to hover in place.

4 Early Thoughts Experiments Use Wireshark to sniff traffic
Take over drone control App and PC Hijack the video Hard crash the drone, similar to the emergency landing built into the drone

5 Wireshark Connected the AR.Drone wifi to sniff the traffic
Pattern Identification Wireshark didn’t show any traffic ARP packets, not much else

6 Wireshark Conclusion Wireshark couldn’t identify packets used to transmit data Used a packet different from normal TCP/IP and didn’t know how to display it Need to use a raw packet dump and try to analyze it that way

7 Drone Hacks \ Mods Hack#1: Program Drone over Wi-fi Node.js
Platform built on Chrome’s Javascript runtime Install AR Drone module Client for controlling AR Drone (nodecopter.com) Save flight commands to file Auto-execute drone actions This method also included untrusted .js files

8 Drone Hacks \ Mods Hack#2: Program Drone over Wi-fi
Packets sent as UDP/TCP Single UDP contains 1+ command(s) AT*REF: takeoff, landing, reset, stop Ports: Port UDP packets with regular commands Port Reply UDP data packets from AR.Drone Port Reply video stream packets from AR.Drone Port TCP packets for critical data that cannot be lost usually for configuration

9 Drone Hacks \ Mods Hack#3: Exploration of internals
Airodump-ng capture of drone wifi Revealed open access point Aireplay -0 deauth attack Arp scans Nmap ftp, telnet ports left open

10 Projecting Video …The Hard Way

11 Projecting Video …The Easy Way
Telnet telnet ffplay (ffmpeg) ffplay tcp:// :5555

12 Video Demo

13 Optional Modifications
Blinking LED lights Upgraded Blades/Rotors Long-life replacement batteries 1000mAh standard, 1500mAh RF controller … for lights, etc. Radio upgrade Prop axle brushing replacement Upgraded camera

14 Attacks Using Telnet to get into the drone (no security, default is open) Typing “Reboot” will cause the drone to restart, and it will fall, but can reconnect after it finishes restarting.

15 Attacks Using Telnet Using “netstat –pantu” then identifying the connected person and their TCP stream. Then typing “Kill <pid>” will cause the drone to fall out of the sky, it needs to be restarted before it will fly again from any user.

16 Attack 1 Demo

17 Hardening Repeater AR.Assist – Windows Wizard Use to connect drone to WiFi hotspot Now locked to that hotspot Can be permanent

18 Hardening Reload the linux kernel Lots of time and effort

19 Operation Stux2bu Attack 1 Attack 2 Attack 3 Attack 4
No security, reboot with lock-out capability Responds to Telnet only Attack 2 With security, MAC Spoofing, Attack 1 Attack 3 Jamming the signal Attack 4 Floss...in the rotors

20 Sources

Download ppt "Nate Krussel, Maxine Major, and Theora Rice"

Similar presentations

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)

Fred P. Baker CCIE, CCIP(security), CCSA, MCSE+I, MCSE(2000)
WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.

WEB AND WIRELESS AUTOMATION connecting people and processes InduSoft Web Solution Welcome.
10 Things You Can do to Secure Your PC Presented by Peter Nowak OIS Client Services Manager.

10 Things You Can do to Secure Your PC Presented by Peter Nowak OIS Client Services Manager.
Crack WEP Lab Last Update 2014.08.12 1.1.0 1Copyright 2014 Kenneth M. Chipps Ph.D. www.chipps.com.

Crack WEP Lab Last Update Copyright 2014 Kenneth M. Chipps Ph.D.
Application Guide For Mesh AP – MAP-3120

Application Guide For Mesh AP – MAP-3120
IP Office Install in Basic Mode Initial Steps. ©2009. All rights reserved. Overview of Process 1. Read all documents sent from Avatel concerning install.

IP Office Install in Basic Mode Initial Steps. ©2009. All rights reserved. Overview of Process 1. Read all documents sent from Avatel concerning install.
Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.

Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.
DSL-2870B How to Change ADSL Username and Password in your modem router How to Change Wireless Channel in your modem router How to Open Ports in your modem.

DSL-2870B How to Change ADSL Username and Password in your modem router How to Change Wireless Channel in your modem router How to Open Ports in your modem.
Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.

Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.
Scanning February 23, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Scanning February 23, 2010 MIS 4600 – MBA © Abdou Illia.
Application Layer  We will learn about protocols by examining popular application-level protocols  HTTP  FTP  SMTP / POP3 / IMAP  Focus on client-server.

Application Layer  We will learn about protocols by examining popular application-level protocols  HTTP  FTP  SMTP / POP3 / IMAP  Focus on client-server.
NetComm Wireless SMS Diagnostics and Commands Feature Spotlight.

NetComm Wireless SMS Diagnostics and Commands Feature Spotlight.
Troubleshooting methods. Module contents  Avaya Wireless tools  Avaya Wireless Client Manager  Avaya Wireless AP Manager  Hardware indicators  Non.

Troubleshooting methods. Module contents  Avaya Wireless tools  Avaya Wireless Client Manager  Avaya Wireless AP Manager  Hardware indicators  Non.
NetComm Wireless SMS Forwarding Feature Spotlight.

NetComm Wireless SMS Forwarding Feature Spotlight.
A+ Certification Guide Chapter 10 Mobile Devices.

A+ Certification Guide Chapter 10 Mobile Devices.
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.
Ch. 5 – Access Points. Overview Access Point Connection.

Ch. 5 – Access Points. Overview Access Point Connection.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Introduction to Eagle Server AsiaPac Academy Workshop Bangkok 27-29.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Introduction to Eagle Server AsiaPac Academy Workshop Bangkok
Configuring the MagicInfo Pro Display

Configuring the MagicInfo Pro Display
1 Web Server Administration Chapter 9 Extending the Web Environment.

1 Web Server Administration Chapter 9 Extending the Web Environment.

Similar presentations

Ads by Google