Hacking the Drones - Aatif Khan

hello good afternoon and welcome back after a break I hope you are enjoying b-sides so let's move ahead and see how to hack the drones before I move I just want to know how many of you have already hacked the drone or in you are you have some plans to hack the drone he our drone basically we are talking about severe drones okay it's not the military drones okay so just to make it clear yeah you already hacked on you're planning to do it okay we will see some of the cases here what people have been doing in UK like they have been flying the drones in Gatwick Airport and some of the area so what turu and what not to

do so we will be taking all those stuff ok so let's start now so this is our today's agenda we'll having a brief introduction about drone technical perspective what is the drone and how does it work how does it communicate then we'll the most important part we'll also have an overview of what the drone laws in UK and then we will see how to hack a drone like a pro basically the method most of you must already be aware of that so we'll see we will apply the similar kind of method to some of the popular drones and then we'll also perform we will also see how to perform GPS spoofing over another drone which is basically niji a

phantom and then we will see what is the future with the drones so this is the future with the drones so the guardian has reported that rain cone could become world leader in the billion dollar drone industry and you can see that Goldman Sachs says that in by the year 2020 there will be almost 100 billion US dollar business and PwC has already launched his own drone unit so is there someone from PwC working with dawn unit okay no problem maybe you can set it up basically PwC is has divided the drone unit into three major areas wherein they are deploying drones over an organization it is also used for monitoring construction monitoring then asset maintenance and monitoring this is

a useful resource drone industry insight which tells you about the business scope where drones are being used and in different parts of the world so you can check the website this will give you a more updated results so what is roan drone is basically your flying camera which can be used to monitor a specific area or it can be used to take images drone can also be a flying gun so you can you know shoot somebody from the sky it's not for like you and me in general like and we need to make sure to how to stop all those things so we will also be seeing you know somebody should not use it in the wrong way

so in general drone is your Superman where in flies in the areas where you always dreamed of so you can your drone can be your Superman so when it comes to the technical features of the drone these are some of the common technical features for the drone the first one is about estimation and control algorithm so this algorithm helps our drone to fly in the air and it also helps us to return back to its previous path so if a drone lost the control from the communication control is being lost then the drone can again come back to to the path to the base path where it started flying then drones also comes up with

balancing technology so anything kept on the drone can be balanced so this is another feature of the drone this is mostly used now from Amazon and likewise different companies are using for delivering Pisa and current products it also has onboard sensors which keep it flying in the air then it has altimeter which is which helps to maintain proper height it has GPS GPS chips which directs the drone in different location and likewise it has propellers which which also helps to maintain a proper algorithm in the air and it has multiple rotors and batteries or rotors basically there are multiple rotors in case if one of the rotor fails there will be another one as a backup

which helps to keep the drone flying in there and in terms of battery there are in general there is a battery for 12 minutes to 40 minutes of support and you can also add up remove or removable batteries for depending upon the load your drone can handle the batteries flying time can be increased ok now comes the communication method so these are the four major communication method Wi-Fi is one of the most mostly used communication method which is basically used to send data from the drone to the controller and likewise so then there is a GPS communication which helps

okay fine so I can move around now so we are talking about the communication method the second one is GPS communication which will your drone will be fitted with different kind of locations and likewise you can take the drone to different areas then the third one is a Bluetooth which is which works on a specific radius and it also helps to send data from the drone to the controller and then we have an RF transceiver with 900 megahertz to 4.3 which can help to send data from for a larger distance okay so we come to a part where in talking about the drone laws in UK so we have an official guide from Federal Aviation Authority which

administration which talks about no drone zone so this was the example which I was talking about some time back you guys might have already heard drone causes get big Airport disruption and a drone flying close to get big Airport led to the closure of the runway and force five flights to be diverted so this is something you know somebody's did this silly job and it caused a big trouble okay so when it comes to no drone zone these are some specific areas around UK you're in these have been marked with different colors and it defines different areas wherein you should not fly the drone so we will see what are these different areas marked with different colors the first one the

red one is about danger areas which is basically military areas and high intensity radio transmission area then you have prohibited areas which is airspace area then controlled airspace aerodrums airports and we have some restricted areas which are prisons and nuclear facilities and yellow one represent the military Aero rooms so if we check the map this is how it is being divided so you need to make sure your drone doesn't fly in these areas and we have the drone code so drone code basically gives a guide for anyone who is trying to fly a civil drone public place what all rules minimum he should be following so the first one is about don't fly in your airport or

airfield you need to stay below 120 meter observe you are drawn at all times and stay 50 meter away from people and property and never fly or draw near to aircraft and enjoy responsibly so basically you need to have an eye on your drone it is not something like you fly a drone and it goes somewhere you will be the one who will be responsible we will see how how is the process of you know mapping the drone with humans so if you buy a drone it will be mapped to your you know some kind of identity this is another example which talks about flying the drone which talks about you know keeping a drone at a height of

150 meter and 50 meter away from a public place or any building and you need to be away from airports and airfields also just to point it out if you try to you know play around near Airport then you should be aware of that it's in a criminal offence and you can go to prison or for up to five years

okay so this is open good website which talks about another guidelines on how to fly a drone and we'll see a brief overview here so as I told as I told you are responsible for each fight so whatever task your drone do if it is taking a picture you know deviating a privacy so all those will be directed to you and then again it talks about you know keeping yourself away from aviation keep your drone inside and also you need to learn how to Dreyer how to fly a drone and the most important part which is now you every one of us be aware of about data privacy so you need to make sure you

consider the rights of privacy these are some of the latest developments in terms of drone so we see there are the new powers for police to address illegal and unsafe use of drones and you may soon need to take driving tests to fly there so how you have the driving test for driving a car you same way you need to it's in the process of you know maybe you will be soon have to take a test for flying a drone and again house of Lord had calls for a compulsory registration of every single drone flying in the air this is one good website no-fly zone which maintains a database of no-fly zone so basically if

you are you don't want that your house no drone should fly in here by your house then you need to go to this website and you need to give your GPS coordinates so this database will be used by most almost all of the popular drones so they make sure even if you try to take your drone to a specific area but it is if it is mentioned in this database then it will not move forward in that area so let's see what are the different ways of you know protecting yourself from the drones this is another this is the first way listed here which is about drone defender so this is a gun which which

which you know helps you to shoot the drone then it fails down in the on the ground this is another way which is being used by the Dutch police you can see the Dutch cap also on the Eagle so basically an eagle is used to catch the drone this is another way drone catching another drone so there is a drone with a net and then it will catch a drone

now V being a security geeks will be not using any of these way we'll see how we use a laptop or our smartphones and how do we control the drones so this is I will be discussing two most popular drones this is the first one which is parrot ar.drone and is being manufactured by a French company and we'll see this is the technical features wherein it talks about this is a 1 gigahertz 32-bit ARM processor it has a Linux OS 1gb RAM and it has front and round cam it has USB Wi-Fi and ultrasonic multimeters now when it comes to well I already the most the biggest loophole for this particular drone is that it is using an open Wi-Fi

connection so when a controller is communicating with the drone it is using an open Wi-Fi connection and so an even if he is able to do thin de gate the controller then he can take over the drone so we'll see how does it works this is the typical picture from a controller perspective this is how a drone is being looking from it so here is an iPad which is acting as a controller so this is a normal scenario wherein we have iPad which is acting as a drone controller you can also have your smart phone which can you know along with drone there are a number of apps which if installed can act as a

controller and you have a drone flying in there now the game changes when when the hacker comes with the Kali Linux and with an alpha wireless card so we will see how does he utilize this so the first task what we do is I guess most of you must be running this command in some of the other does does anyone have used this command previously before ok where do you use it exactly so same wave of how you do a wireless hacking the first step is to disconnect the client from the access points similarly you will be disconnecting the drone from the controller so you used a replay command and you specify the MAC address of the

drone and then you specify the MAC address of the controller and 20 is the number of do 10 dication packets which are enough to disassociate controller and the drone once it is done you can connect to the drone so here is a video demonstration how does this task is performed

oh there is something wrong

for videos and English ones okay basically this command if you see it's as as I specified you specify the MAC addresses of the client and the drone and you will be able to disconnect that so here we have specified thirty five so once this command is being executed it will send do 1035 G of indication packets and the control will be lost okay so this is how you can see

okay so you can see there are the authentic Asian packets being sent and once all these packets are being sent you will see that the controller displays no connection or a controlling lost

so this is how you can find that controlling not available so this is how an controller will be appearing so at this point of time so before you know performing this attack you need to be aware of what are the MAC address range for parrot ar.drone so this is another useful website which gives you what are the MAC address range being assigned to different products so you can simply go to a high triple e dot org and find out for parrot ar.drone what range of MAC addresses are being assigned so once the hacker gets control over the drone he perform a best basic and maps can he finds out that for this parrot ar.drone it has open port for FTP as

well as telnet this is one of the issue with lot of IOT products wherein you know they are not concentrating on security so this is just a way of exporting those over liberties so once we find out that there is an FTP connection we try to establish an FTP connection and once it is established we have the access to the images videos whatever images videos are being captured by the drone you have the access for all those things similarly we try to perform a telnet connection so with this you are able to get the root access and now you are you can get you know access to all the directories the Linux OS which is

running in the drone so once you this is an again demonstration wherein it will show you about ten net connection

so this is a root account and wherein you are able to access all the directories so you can see there are a number of things here like there is a power off there is a reboot so if you do a reboot or a power of or something their own falls on the ground

so you see here one's the power of his connection close so this drone which is flying in the air it this is how it happened

so once you have the root access you can play around with different Linux come on and find out you know what kind of processor it is what is the disk space available and these are all the processes running under the root account this is another you know it's showing the what is the disk space now there is another way of controlling drone so basically you can also control your own using the your browser so how do you do it for this we use node.js interpreter and once you install this you need to clone the project's git repository and you can connect to the drones Wi-Fi network and once you do this you just need to run

the command node dot slash server dot J's once you run this command simply go to your browser and type HTTP localhost with port 3 double-o 1 and with the help of the browser you will be able to control the drone ok so when it comes to controlling the drone from the laptop it is not as easy and flexible how it is with your smartphone but there are multiple things which you can do like here for example there is a command for you can write a simple javascript code which can help you to you know reboot or power off and there are multiple things maybe you can spin your drone in the air for a certain amount of time and

likewise there are multiple tasks which can be done with the help of different JavaScript so here there is a brief example which talks about code to take off spin clockwise and land so if you want to explore more about this option then there is one good resource note copter calm which will give you know if somebody's good into programming and want to explore more options this is one of the good place he can you know check it out then comes another drone which is by the name DJI phantom and as I mentioned earlier DJI phantom comes up with the no fly zone database so here whatever you know no fly zone or whatever GPS coordinates you have specified the

database will be maintained and DJI phantom will not be moving in that particular area so and there are like almost more than 10,000 entries which are marked as no-fly zone but and another good thing about DJI phantom is it doesn't have an open Wi-Fi connection so you cannot simply you know the authenticate the controller and get connected but there is a way GPS spoofing so we perform a GPS spoofing attack and we try to bypass this database no-fly zone database and even if somebody is able to bypass this it can take the drone in those areas where it should not go which we saw some time back this is almost recent kind of example we are in GPS spoofing attack

was performed and the drug cartels we are able to hack the u.s. Border Patrol drone and they took it to some other area so that they perform the irregular task of you know so now what is the problem with GPS signals GPS signals are the most popular one but again these are the most popular unauthenticated and unencrypted protocol in the world so every one of us use this almost every one of you uses maybe to find the location it is also used in the code to track the criminal tracking the cargo there are like multiple usage but if GPS spoofing attack is being performed then this can even you can play with the evidence of the court and likewise you

can perform a number of tasks also another problem with these kind of issues is it is prone to spoofing attack so we will see what is basically GPS spoofing and how you can perform it on Dzi friend 'm so this is a typical scenario wherein there is a controller and there is a drone and his controller will be setting up the program based on the GPS coordinates and we will be directing the drone where he should the dawn should fly where it should stop so you can see here after the coordinates have been set up the drone will be receiving the signals from the nearby satellite and based on you know the 3d axis it will be

flying in specific areas so this image will give you a more much better view you can in three dimensionally this is how the drone looks so with whatever GPS coordinates coordinates are being set up your drone will be flying accordingly so this is another 3d view from the drone now the problem again comes up when a hacker comes into the picture and he initiates the GPS spoofing attack wherein he'll be he'll be directing the drone to fly in those areas which are not actually being set up by the authentic controller so what exactly does it the hiker will be having the same kind of GPS signals which can be downloaded from internet there are multiple websites which helps you to

download the fresh GPS signals once those signals are being downloaded you can perform a replay attack wherein you play those signals and try to send those signals to the drone and when the drone will be as we we know that there is no you know authentication check from the drone to the controller even so if the drone is receiving the signals drone will try to you know try to understand it will understand that this is the one the authentic controller so even if it tries to send drawn in some restricted areas drone will be moving in that area now another point here is in more of the cases you know when you are trying to perform GPS spoofing attack

you will find out that the drone and the controller and the drone are already connected so first part is you need to make sure that the the authentic the origin controller need to be disassociated with the drone for this there are certain devices which we'll see so firstly this is a device hack RF one which helps you to perform replay attack so it comes up with a big range from 1 megahertz to 6 gigahertz and this is available online you can get it some to 30 phones now as I was talking about to disassociate the drone from the original controller is by using GPS tzemre which is an easy way for disconnecting the receiver from authentic satellite

but it is again not for you and me to use because there is an offense under the wire wireless telegraphy act so knowing you we use such a device to block GPS signals and if somebody want to explore more laws this is the website you can read about in now how do you tackle GPS spoofing at present there is no specific countermeasure to fight GPS spoofing attacks and the biggest challenge is encrypting civilian GPS and since it means large update to the infrastructure and lot of money when this signals GPS signal started there were two kind of signals being distributed the one was for military GPS signal another one knows for civil civilian and military where military GPS

signals are encrypted whereas the civilian one are not encrypted another way to counter measure is to have a digital signature wherein you know who where if the drone is receiving any kind of signals so if it is coming from the original source or not that can be authenticated so when it talked about the future with drone this is something in pipeline a company called autonomous flight they want to transform the city transportation and they are in the process of developing a drone which will which you know reduces the time of transportation and a passenger can fly in the drone and you can reach to the airport from central London in 12 minutes so this is

something you know in already in the process and but again this may be again prone to GPS spoofing attack so in case passenger reaching to he through airport he there might be chances that he may reach to he may be dropped in somewhere in the River Thames so you need to make sure that whatever drone you are planning to make it should be avoided with GPS spoofing attack these are the references which I referred and this these are lists of the URL which has you know overview of drone laws the slides will be available on the website so you can you know refer it to later on that's it [Applause]