Please note: The information presented here is for educational purposes. As with all guides covering network and computer security, the techniques should only be performed on devices that you own or have permission to operate on. This tutorial is designed to help users understand the security implications of using unprotected wireless communications by exploring its use in a popular drone model: the Parrot AR.Drone 2.0.
It’s illegal to access computer systems that you don’t own or to damage other people’s property. As we continue the public dialogue on drone regulations, it’s critical to understand as many aspects of the issue as we can to include social impact, policy, privacy and of course, security. We hope that manufacturers take steps to improve the security of their products and users continue to educate themselves on the capabilities and vulnerabilities of emerging technologies. Make: and the author take no responsibility resulting from the inappropriate or illegal actions that result from abuse of any of the techniques discussed.
Quadcopters capable of transmitting high-quality video are making it possible to affordably record unique perspectives. But these “unmanned aircraft systems,” as the FAA calls them, have posed new challenges in security, safety, and privacy, and many experts caution pilots to consider the implications of increased drone usage. In addition to the concern of constant surveillance, there’s the possibility that businesses (or hackers) can collect location information from mobile devices by using roving drones.
As a result, a cottage industry is forming for anti-drone technology. These devices come in a range of sizes, from plane-mounted to handheld tools. I will show you how to build our own rig to execute a particular network-based attack against one type of quadcopter control: Wi-Fi.
A Word of Caution
While I won’t touch on signal jamming or directed energy, it’s worth noting that jamming creates serious safety risks and is illegal. Additionally, the computer-based techniques that we’ll cover should only be done on networks and devices that you own, or have permission to experiment on.
Wi-Fi is a key interface for many current quadcopters. Some use it as the interface between the controller and a tablet displaying mapping and telemetry data. A few drones, such as Parrot’s Bebop and AR.Drone 2.0, are entirely controlled via Wi-Fi. This type of system lowers the barriers to entry into the drone space since pilots can use their own devices for control, but it does create interesting security situations since existing network-based attacks can now be used against these devices. Modern drones are essentially flying computers, so many of the attacks that were developed for use against traditional computer systems are also effective. The AR.Drone 2.0 in particular has many impressive features and sensors that users can access, and its low cost makes it an ideal platform for experimentation and learning.
How it Works
The AR.Drone 2.0 creates an access point that the user can connect to via a smartphone. The access point that it creates is named ardrone2_ followed by a random number. This access point by default is open and offers no authentication or encryption. Once a user connects the device to the access point, he or she can launch the app to begin control of the drone. This process, though convenient for the user, makes it easy to take control of the drone. The AR.Drone 2.0 is so hackable, in fact, that there are communities and competitions focused on modifying this particular drone.
Using a laptop computer, USB Wi-Fi card, and our new antenna, we’ll explore a very simple attack. Power on the AR.Drone 2.0 and have a friend fly it around using the app. After a few seconds, its access point should also show up in your available wireless networks. Connect to the network and start up your favorite terminal application. The default gateway address for this network will have an address of 192.168.1.1. You’ll be able to telnet to this address since the service is, unfortunately, left wide open on this system.
Telnet is an older protocol for accessing remote computers. At this point, you can explore the system, or shut it off entirely without the legitimate user knowing what’s going on. Using a combination of freely available network tools, you can easily perform all these steps from your computer.
Now we’ll look at how you might automate this attack with a Raspberry Pi, a touchscreen, and a couple of Bash scripts.
I used a great tutorial provided by Adafruit (learn.adafruit.com/adafruit-pitft-28-inch-resistive-touchscreen-display-raspberry-pi) to set up my Raspberry Pi with a touchscreen, so that I could launch my attacks with a click. Assuming that you have a Pi already set up, let’s walk through how you could automate this.
The first step is to log into your Pi using SSH.
Change directory to the Pi’s desktop (or wherever you want) so that the scripts are easy to find and click.
Using your favorite text editor, create a new file. I named this join_network.sh because I’ll be using this to make the Pi automatically join the AR.Drone 2.0 access point.
Add these 8 lines to your script. On line 7, enter the full name of the AR.Drone 2.0 access point. Once you’re done, save everything.
You’re now going to automate the connection that you tested before and send an additional command to shut the drone down. Start by creating another script. I called mine poweroff.sh.
Add these lines to your script. This initiates a telnet connection to the drone, which is located at 192.168.1.1, and sends the command of poweroff, which tells the drone (which is a computer after all) to shut everything down.
Now make sure that the scripts are executable. Do this by typing sudo chmod u+x filename. Check this for both of the files; we can verify that they are now executable by typing ls -la and looking for the read, write, execute permissions rwx associated with the file.
The two scripts are ready to use. Be sure that no people or fragile items are below the drone when you’re testing. Have fun!
Build a Cantenna
Boost your wireless signal with a directional antenna made from a can
In a wireless world, connectivity is king. A good antenna attached to your wireless device will boost your signal and dramatically extend your range. In less than an hour, you can build your own directional “cantenna” to connect to distant wireless hot spots or interact with wireless devices like some of the drones featured in this issue.