Documente Academic
Documente Profesional
Documente Cultură
a Professional
Drone
Nils Rodday
rodday@arcor.de
https://de.linkedin.com/in/nilsrodday
Goal
2
Agenda
The UAV
Attacks
Live Demonstration
Remediation
Impact
Lessons Learned
Q&A
3
The UAV – Specifications
25k – 30k €
30k – 35k $
3kg Payload
Add-ons 7lb Payload
Advanced 30 – 45min
Features Endurance
4
The UAV
Not connected
(two separate devices)
Data flow
2.4 Ghz
Remote Control
Remote Control link
©IEEE
5
The UAV – Wifi focus
Data flow
2.4 Ghz
Remote Control
link
6
The UAV – Wifi attack
Attacker's tablet
Communication route
after attack
Original
communication
route
Original tablet
7
The UAV – XBee focus
Data flow
2.4 Ghz
Remote Control
link
8
XBee – Chips
9
10
XBee – Reading the manual...
1. API mode
2. Broadcast
3. Remote AT
Commands
Communication route
5. Remote AT Command:
3. Remote AT Command:
after attack
Change DH + DL
1. Broadcast
Write
Original
communication
route
13
Decompilation of Android APK
14
Decompilation of Android APK
Decimal –> Hex
36 24
87 57
73 49
70 46
73 49
paramByte XX
paramByte XX
paramByte XX
.
.
.
15
Example Commands
24 57 49 46 49 XX XX XX
24 57 49 46 49 89 89 89 (Start-Engines)
24 57 49 46 49 58 58 58 (Auto-Takeoff)
24 57 49 46 49 97 97 97 (Enable Autopilot)
16
Demonstration
Remediation – XBee Onboard Encryption
18
Remediation – Add. Hardware Encryption
21
Lessons Learned
Use strong
encryption
Alter passphrases
22
Credits
Atul Kumar
Annika Dahms
23
Nils Rodday
https://de.linkedin.com/in/nilsrodday rodday@arcor.de
24
Hacking
a Professional
Drone
Nils Rodday
rodday@arcor.de
https://de.linkedin.com/in/nilsrodday
26
• Slide 5 & 12: Photo credit to: 978-1-5090-0223-8/16/$31.00 © 2016 IEEE
27