DroneSploit is a dedicated exploit framework which comprises of various drone hacking techniques. It targets WiFi based Commercial-Off-The-Shelf drones and was first observed in in the wild in early December of 2019.
Here at DroneSec we like to think of drones as flying computers and like any computer system, they contain a significant amount of data which if left vulnerable could present a cyber risk. Understanding these risks can help you to better secure your drone ecosystem and prevent financial, data, or asset loss.
Overview:
The framework consists of both old and new attack vectors against a variety of drone types, including passive and active monitoring, deauth[1] attacks and vectors to break into closed drone-controller circuits. The aim is to automate and streamline the process, being simple to conduct and visualise the results in real-time.
The framework is limited in its ability to only target WiFi-based drones (e.g. AR Drone, DJI Tello, Mavic Mini) but not RF-based drones (DJI Phantom 4, Mavic Pro etc) but the goal being to bring together as many exploits as possible for drones under one roof. By typically Information Security standards, it seeks to make users aware of the risks and perform simulated attacks against their own systems in order to better protect them.
Recommendations:
As with any WiFi-based drone systems, ensure appropriate attack-vectors have been identified and simulated against. For drones that allow modification of their Wireless Access Points (WAPs) and associated passwords, customise these before flight operations, disable open-connectivity and ensure networks are protected with up-to-date encryption standards. Where possible, use MAC filtering to ensure only your trusted devices can connect. Review your drones’ action-policy for what happens when it loses connectivity and document the process for any unexpected actions it might take.
DroneSec Analysis:
DroneSec conducted tests on four drone systems using the DroneSploit framework. Video release and dedicated writeup to follow.
References:
https://github.com/dhondta/dronesploit
https://github.com/dhondta/dronesploit/blob/master/docs/blackhat-eu19-arsenal.pdf
[1] Deauth: De-authenticate – A number of packets sent to the controller or drone to separate the connection and allow the opportunity of a new device to connect and take place.
Interested in more drone hacking information? Check out our article on hacking the Parrot AR.Drone 2.0 here.
This analysis was first published in our DroneSec Notify Threat Intelligence release. To get the latest information on rogue drone incidents, regulation changes, and technological advances for the drone, counter-drone, and UTM System industries, subscribe here.
As with any newsletter service, you can unsubscribe at any time.
However, DroneSec Notify intelligence is so valuable we're sure that you'll never want to.
