DEF CON 23 - Robinson and Mitchell - Knocking my neighbors kids cruddy drone offline
Вставка
- Опубліковано 21 вер 2024
- My neighbor’s kid is constantly flying his quad copter outside my windows. I see the copter has a camera and I know the little sexed crazed monster has been snooping around the neighborhood. With all of the hype around geo-fencing and drones, this got me to wondering: Would it be possible to force a commercial quad copter to land by sending a low-level pulse directly to it along the frequencies used by GPS? Of course, radio signal jamming is illegal in the U.S and, frankly, it would disrupt my electronics, too. In this presentation, we’ll look at some of the research and issues we encountered, when we attempted to force land two commercial drones (the new DJI Phantom 3 and the Parrot Bepop Drone) by sending GPS signals directly at the drones (while staying under the threshold for jamming and not disrupting anyone else).
Speaker Bio:
Michael Robinson has over 15 years of computer security experience and is currently a computer and mobile device forensic examiner in the Washington, DC area, where he deals with intrusion analysis, incident response, and criminal cases. For over four years he ran IT and IA operations for a Department of Defense agency. He has conducted research on security of mobile devices and is starting to play around in the drone space. He teaches computer forensics at the graduate level at Stevenson University in Maryland.
single person can be fined up to 112k for malicious interferance with a drone, but a state agency can't be sued for more than 100k for fraud. amazing.
bullshit, init
*with gps signals, which could be used for nuclear power plants, and 112k sounds mighty small for nearly making chernobyl 2
Well committing fraud isn't the same as making a drone crash into someone's skull so.......
Yes I suppose hypothetically someone would get fined 112k... ya know, hypothetically
My fault that you were dined?
man, he gave cloud computing a whole new meaning
Under rated comment ⬆️
If it's close enough to be invading your privacy, it's close enough to throw a rock at
If only girls could throw 😁
*laughs in zoom lens*
FTP part got me. Jesus, so many vulnerabilities.
ITS A DRONE.
A DRONE.
"OMG BRO IM GONNA HACK INTO A KIDS TOY" literally, fucking go for it. Make sure you have a great story to tell the cops as well.
@@SP-dj9kl A kids toy that is being used to spy on people.
A neighbor's kid has a Bebop drone... And being the kind of person that enjoys trolling people... I tend to mess with them a bit...
@@jamescollins6085 And probably destroying property
@@MarcGyverIt Entirely possible.
This research gets a lot cheaper if you hot glue a string to the top of the drone and hang it from a hook.
It won't say how exactly it falls. Would it regain control before hitting the ground? Would it land safely, or just crash into the ground? Would it fall beneath, or crash forward with inertia? Would it roll when falling? And so on and on.
But you would know that it falls/kites out of control/goes home without having to destroy one every time.
You have done this and are talking from experience? Logic tells me the PID loop would struggle to correct from this external influence and would freak out trying to stabilise itself.
While that sounds like a good idea in theory, once the drone is hovering on it's own it only has an elevation window of less than a foot because as soon as it's hovering the string will be pulled toward the propellers.
@@TheJustin574 All you need is a long string, a tall ceiling (a gymnasium would be perfect) and 360° guards around the drone's propellers.
"I'd like to see policy makes get informed before they start making decisions." This is the biggest issue technology faces, especially for the little guy. Laws tend to favor and protect big business and screw the little guy.
Look at the government's continuous attempts to break encryption, oblivious to the fact that backdoored encryption does not work.
I was really hoping it would overwrite the home position.
Then we could name it the "Scuttlebug".
Making my neighbors kids cruddy drone build up speed for 12 hours
Fly it into the cop shop lol
But first, we need to talk about parrarel universes
hahaha its not healthy that i get this reference.
Great talk, great presenter. Would want somebody like that as my teacher.
That map at 6:46 is a little misleading due to the massive size of country. Those marks could be right on top of each other on that map and could still be many miles apart.
Enjoyed the video!
Alright, so i'm only like 4 minutes in, and I have to say this: Ive been a massive standup fan for half my life, and this guy is better at standup comedy than most comedians who're already 10 years into their career. Like he's got the timing and the rhythm of a comedy veteran. Seriously, if he had a podcast, I would listen to every episode
Really? I didn't laugh once. Everyone's different I guess.
i noticed the same thing vs other ted talks or defcon vids that he def knows how to work a crowd... socio economics are fascinating to me and i mean like its my number 1 interest .....
some situational comedy, but his timing is a little elongated. Then his Q&A is quite brash.
3 min in and not seeing any of what you are talking about
15 minutes in. you need to watch better stand up. try patrice O'Neal, elephant in the room
flying telnet and ftp
it's like a flying old windows 2009 server without patches
@@братволк-р7я With no password on the Admin account.
It's the "CLOUD"
FTP ALL THE THINGS!
This is a new version of FTP: FFTP!!! Flying File Transfer Protocol!
man this was entertaining. its amazing how much of my potential i have squandered away.
You and me both.
So, hypothetically speaking,
Could one hijack the drone, take loads of pictures of the neighbors, download copies, and then return control to the owner, and patsy them for your crime?
Yes
@@BanditLeader But wouldn't there be a log file in the app or even the phone that you could use to show you weren't connected to the drone at the time the pictures were taken?
@@xdazamx If there is you have root access so you could delete or edit it, but doing this in the span of its short fly time would be challenging, but not impossible. That log he was talking about on the phone locally probably has a log showing it was trying to reconnect though.
@@MagicCookieGaming sounds reasonable, although reconnecting isnt the same as connected. People have been done for less so it some people might not care what the logs say, just having the pictures is probably enough for a lot of people :/
@@xdazamx True, but in a court of law that'll be a huge fact that won't go unnoticed and any defense will milk that for all its worth and with nothing to prove that you did it, only things to prove that you didn't do it, I think it'd hold up in court.
Given the fact the first drone was running linux and he had root, he could have done much more interesting things
Belarusians have actually made a drone with an RPG round tied to it to drop on tanks
Oh how right you were 4 years ago
First defcon presentation I've fully watchers had me immersed all the way!
Awesome talk and he's a great communicator
15:45 What did he expect would happen? lmao that's fantastic.
When he gained control over the flying, why didn't he fly the thing on his roof and wait for the kid to come and cry for the drone >:)
but that's even more annoying to deal with the parent, remember?
I'd fly into the top of a 100 foot tree. HARD, so it sticks.
Because the police might knock at his door and see all the hacky stuff laying around.
MNM MN MN MacAdams
Ndnm.nmmnnnnnnnnnnna.nn
Nd
.Dan
Nna.amnsaannn
Andnn
Nnnndnnsd
Ssnansnanannn.sangsanna.q
Nnvsa
Ann
N.an..
Same.nn.n
.n
Asa
Ben
NN.sndnagsanann.m
no fly it on to their roof then watch them try to get it
"So... have you tried talking to them?"
"Nah, social skills are overrated"
I would have had filled the ftp directory with gore, and linked the /init script with *shutdown.sh so everytime it is turned on it turns off and cant even update/reset
I give that a 7/10 for aggression
1/10 for style
2/10 overall quality.
14:46 LOST IT COMPLETLY! ROFL!
Seriously great talk!
This talk is more relevant now than ever, with drones becoming a large part of modern warfare as seen with the Russo-Ukrainian conflict!
Great talk 👏🏼
I got a drone that requires no GPS or WLAN to work perfectly. Attitude control is handled by an accelerometer. It's dirt cheap, easy to setup and fly, and has plenty of payload capacity. It uses standard components that have been used in RC aircraft (not toys!) for years and this talk says NOTHING about defeating those, except for the shotgun bit.
The cop just takes his tools like he wouldn't be able to just replace them with all of this documented research
Has nothing to do with prevention has everything to do with liability against the officer. If the officer didn't take it I'm many different scenarios it could mean his job depending on those scenarios outcomes. It wasn't "I must take this to prevent you from ever recreating this" it was "I must take this to show for the record that I witnessed what happened and did my best to start you at square one and past this interaction anything you do after is outside the realm of my liability as I'm not following your every move to find out if you acquire these things again to recreate it". That's like saying why confiscate illegal weapons if they can just get more later.
Probably just took it home cuz it's cool
It annoys me how people do the wrong thing with drones because it's ruining it for all the people who enjoy the hobby and scares regulators making stupid laws.
That can be said about any hobbys, guns, knives, computers...
TDay yeah that's true with bloody everything
Replace "drones" with literally everything. Guns would be a good example
@@AlexN2022,man I hate it when people do bad things with stuffed animals
@@AlexN2022 It annoys me how people do the wrong thing with *murder* because it's ruining it for all the people who enjoy the hobby and scares regulators making stupid laws.
I don't know about most of the stuff these guys are talking about, but this is the most fascinating thing I've seen in a long time.
see now that i know it's basically a wide open flying linux box i want one way more
This is a comedic masterpiece
Iran watched this video and used it to disconnect our military drone offline and messed with it's GPS to think Home was wherever they wanted it to land.
As much as I hate the idea of hurting a kids feelings, I loved this video for the information.
I would assume that gutting the magnetron, waveguide, transformer, etc from a microwave oven could be used to construct a directional interruption device as well. Could potentially fry the circuits in the neighbors drone too. Just food for thought.
Oh gawd!
One small thing I noticed as a phantom 3 owner. A mode stands for atti or attitude mode. Other than that great talk!
Amazing detailed information speech I love the shell display amazing how it is so unsecure.
The speaker was incorrect about spoofing GPS. Jamming the GPS is trivial - you just broadcast a much stronger garbage signal. But actually feeding a GPS receiver signals that would cause it to calculate an incorrect location would be extremely difficult, if not impossible. You would not only have to mimic the signal from the satellites, but you would have to recalculate all of the phases of the signals, taking into account that the receiver knows, where the satellites are in space at any given moment. If it's possible, it would require some heavy-duty math, very fast computer (more likely a DSP), and very precise radio equipment.
Isn't that how Iran stole a US combat drone a few years ago?
You can spoof it by doing a replay attack. You capture the GPS signals from one place and play them back at another location. You could do this with recorded signals or in real time with more effort.
There are papers available that would walk someone with a decent level of experience through the process. It's on the high end of what one person could do, but definitely possible.
@@0150r Except the timing would require impossible sample rate. The math to spoof the satellites isn't that hard. The protocol is rather simple. Hardware to emit it - offsetting one signal from the other with nanosecond precision to fake the light speed delay - that's trickier.
sharpfang That's not true. Well, it's partly true, but also not necessary. Instead of delaying the signal on the signal-generating side you can delay it easily on the HF side. Better yet, combining the two can easily achieve the ~5-15-ms range for a number of virtual satellites, plus-minus a few hundred nanoseconds each, to fake the (consumer-grade) signal position. Nothing too terribly unachievable with reasonably good knowledge of your actual position, an SDR, and a stable timebase. Prices for everything are in the $1000 range, and falling. (BBC article from 2012, and gps-sim-sdr on github)
Drunk watching a f*cking 6 yo Defcon. What a day.
fun fact :
when I worked for the RCAC (air cadets in canada) I was 17, and there was a CANEX (basically a micro convinience store / wallmart (you could buy tv's and washing machines n stuff) and millitary surplus.) fun fact, its IN the millitary base (CF-18 airbase lol) and they were selling a parrot AR drone 2.0
Like. why not !
I almost bought it to fly it on the base, but I didn't want to mess around with the MP XD
Different countries have different laws - and they are constantly changing. There are also local laws in some communities of the US and possibly other countries as well.
It’s possible the base isn’t on the “no fly zone” database and that base might encourage drone hobbyists if it isn’t a problem.
Or it slipped through the cracks
CANEX IS THE BEST BRO THE FUCKIN BEST
Pretty fun prez. Thanks,
Unfortunately for you, your drone is a pile of plastic, minerals and metals while that baby is a human being.
42:00 damn bro, that man is the dude taking pictures with a drone...
Build a kreosan style microwave cannon and attach it to a turret
That would be a weapons platform. enjoy jail.
Kreosan microwave cannon is fake. DiodeGoneWild debunked it and made a video about it. Check here: v=CWF-2Z508j8
or another drone...
see youre playing checkers, and i’m playing chess.
*you dont need to defend if you can offend first*
@Karl Lentz That's for civil, not criminal
in the year 2019..these drone laws got a LOT tighter!
Yep trying to stay legal is a beeping pain in the butt
Well, here we are 4 years later :(
@@nathanblanchard8897 if your drone is 2 ounces , then you may fly at 10,000ft and above....
Damn, this guy is entertaining as hell :D
STRONG MAGNET on a string, swing in a 10' string (550 Milspec paracord) to have a rotating 20' circle of oscillating magnetic compass confusion interference as you are walking to move the field oscillating.
Great talk, congratulations.
oh jesus 7 years ago..... we're in the first drone war now lol
Just wondering, why don't producers put passwords on the telnet/ftp servers/wi-fi etc..?
ease of use for the non tech savy customer, that said parrot has taken some precautions with their firmware etc but it is still very open as i understand it is meant to be pretty much open source and hacker friendly. Also you can buy a third party cotrol app for the bebop wich enables encryption of the transmitted data (source: i own a bebop and am a pretty active member of the "bebop hacking community").
+ThePassiton I thought it had something to do with low budgets or something and they don't have the time to do that... Ahh well thanks mate!
that might be a factor too. im not a expert so anything i say should be taken with a pinch of salt
because it's cheaper to develop as fast as possible. these cheap drones are all the same
i connect to my drone with a VPN
Based on my understanding of GPS, "spoofing" a GPS signal would be very difficult because the satellites do not send a location; they send a time. The receiving device calculates its location based on the time differences between the timestamps received from the satellites.
You can still break GPS by screaming that you are *RIGHT HERE* and the time is *YESTERDAY*.
Just receive that very signal, up the time by a millisecond or few and retransmit it but much stronger. Any nearby GPS client receives the valid time transmissions from two or three legitimate satellites and one that's slightly off the reality and might mix up the location. With one such a spoofing device it could be trivial for a device to counter this by calculating if it's realistic that a car navigation is 2000 feet up in the air for instance but that again could be countered by spoofing two such satellites.
There are points on the earth that send out the dame typ of GPS that the satellites use to determine their location
Jamming GPS signals is quite easy. The signals your GPS receives are very weak. In fact, they’re actually below the natural RF noise floor. It would only take a few milliwatts of power to overpower the GPS signals in a significantly large are. As far as ‘spoofing’ GPS signals, to make the drone believe that it’s somewhere else, that’s already been done by more than a few people. Here is one of the best videos on the subject. The presenters are difficult to understand (english isn’t their first language), but it’s very interesting and informative. ua-cam.com/video/jwJKMti_aw0/v-deo.html
It's been done by researchers. It'd take a bit of expertise to start from nothing, but it's possible. I think container ships have started using multiple GPS antennas to crosscorrelate the signals.
as for projecting a magnet, try a degaussing coil. might be big enough you could fly right into the center of it.
Hahaha, he didn't tried the Phantom 3 Standard... he tries the advanced/pro Phantom 3 ^^ (Edit: phantom 3 standard uses wifi, and has root access too, with ssh open lol)
If you fly a DJI Phantom 3 over the power cords it will wall like a brick to the ground.
Tested.
Not to try.
Negative
What amazes me is the fact that people have windows next to showers, don't even bother putting in a simple privacy filter, and don't notice the drone with its blinking lights!
Some of the people that asked questions, I feel work for the company, and they want your security opinion.
I work in the IT/Networking Industry and have to Administer a large number of "Busybox" driven Network Devices. It all depends on which Commands/Utilities were Compiled w/ the Installation, which you'll likely have to experiment w/ to determine the necessary Tools/Commands, etc. However, since the Bebop Drone Runs on Busybox, you should be able to Secure the Wireless via the IFCONFIG & IWCONFIG Commands. The 2.4 GHz Wireless Interface should be wlan0 and from experience, if there is a 5.0 GHz WiFi Interface, it may likely be titled wlan32. I would also imagine that there should be an On-board Firewall that you can also utilize, which you can likely use the IPRULE Command to Manage (If IPTABLES isn't Installed).
Busybox CLI Documentation: busybox.net/downloads/BusyBox.html
Parabolic mirrors are the way to deal with drones. Just be careful of other aircraft.
I wonder how much of this stuff is intentionally left open as a back door for SS to shut down all drone traffic at the flick of a switch, when necessary.
This remains one of the most entertaining talks lmao
Make some propeller protectors for those tests, dude, it's gonna get expensive otherways (and you may end up crushing bearings too)
Wish this guy would have helped in Gatwick yesterday.
Man this dude is awesome
Is it normal that your video is reuploaded without CC and attribution? ua-cam.com/video/DxUh4x-tWDw/v-deo.html
It's used for advertising that company by publishing translation.
yooo love your videos man! :)
Great talk. Even a noob like me could follow all the way through that :)
Lot of legal issues are ambigous, but the general idea is that entering a completely unprotected wireless network is not seen as computer-intrusion, only if you enter a passwordprotected system without having a right to do so is it considered hacking. With that said, the hardest interpretation of the laws means that you are already doing intrusion when you CONNECT, even without downloading anything.
I don't get why the cop would clue you in on a little thing if he was just gonna conf it later.
"why is that possible? Shouldn't it be deactivated?" ....Has that guy seen any car top speed on a speedometer?
MUCH NICER THAN SHOOT IT, HACK IT IN THE AIR AND OVERCLOCK IT TO SHIT! MELTDOWN FALLING DOWN!
No, shooting it down is the much nicer option. My preference would be a HK drone. Maybe even some cheap, disposable drone to use as a KV for ramming, or to deliver a prop killing payload.
That said, I wonder about chaffing it, to disrupt its control signals and GPS. It would probably require a fairly dense field, but assuming it technically feasible, I would imagine it could be implemented through a number of legal loopholes.
36:40 That guy makes a good point. I'm not at all interested in flying dji's or parrots but i think that the hobby community (racing, freestyle, actionsport..) is currently not at all represented at the table.
just fyi:
The older guy from the Australian Hobbyking reviews has done a full coverage vid about this problem and how it (like always) starts out as American internal affair (law, regulation, jurisdiction, enforcement, etc > at extreme )
But then it will (as always) suddenly get a bunch of grey mustaches at the table each ensuring that trey're calling the shots
Great talk from this speaker. loved how the whole narrative strings it
Best Best Best. No more word
phantom 3 is wifi it runs 2.4ghz just out of wifi ranges an uses it own protocols ie OFDM modulation
45:59 The Joker is hatching a plan
A thousand metres, surely he isn't alluding to the infamous kilometre
Well now I need a dozen of these. Should be pretty simple to get them flocking...
This made me so fuckin' happy:) When the root prompt showed up on telnet I laughed and laughed and slapped my thighs and my brain filled full of endorphins:) _That's_ entertainment:)
29:23 drives from your old hard drives?
How does that work?
Seems unreasonable to me to have limits like no fly and altitude externally enforced by software. I understand the desire for safety from careless and possible malicious pilots but the foundation of a free society doesn't include preemptive law enforcement. Make an undesirable action illegal, then enforce the law for those that are found breaking the law, don't generally restrict function. Free choice is one of the most important values of a free society. Privacy laws, trespass laws, destruction of property laws, reckless endangerment laws are all we need, we don't need to specifically restrict and/or illegalize everything that could possibly be dangerous.
I agree but what do you expect from a chinese company ;)
@@christopherbertoli7322 I'm absolutely with you on safety, and laws and enforcement which are within the scope of the danger and for accidents the likelihood of them. If you build a fortress for every slight possibility of danger then we'd have a ridiculously restrictive world that would still have as many dangers. Planes don't come down as easily as your apparent fear is. We don't need a moratorium on birds. I'm in favor of laws and rules but not reactionary ones.
if this is the case why are there so many complaints about them being on air fields? why aren't there measures in place to just take them down like these?
If I was just listening I would be sure this is Cristopher Walken.
Awesome speaker
Yes very interesting locations like nuke warhead location and general higth priority stuff
australia is pretty well regulated for drones
Slep yes only drones can work for engineers.
he had root. totally could of wiped the device and render it unusable.
he said the shutdown command did that permanently anyway
> Could of wiped
> Could of
You had root. As in, you were the sole editor of your comment and had the full rights to edit, even correct it. You could have spelt that correctly and render it unretarded. Does that fucking answer your argument?!
@@trstmeimadctr No, that isn't a permanent solution, that just requires a cold reboot.. Wiping the drive would require reinstalling the OS..
Perhaps Fdisking into as many small partitions as possible would make the reinstall fail for anyone not savvy enough to undo that, since the partitions would then be too small to fit the OS?
@@Anvilshock *spelled
*spelt. Look it up, you illiterate shitfuck.
Okay thanks for telling me that my drone has anonymous ftp login allowed😑
Even better... There's no logging on the drone. So you won't know if anyone else is connected to your drone until they do something.
disrupting the radio controller signal from the dji controller to the drone is a lot less ilegal (but probably still ilegal)
Is it just as easy, easier, harder... more practical, I guess?
The parrot Bebop does not use a radio signal uses a Bluetooth signal.
@@robrichert8830 The parrot Bebop uses 2.4GHz Wi-Fi connection for both the video and controlling the drone.
a HERO
About halfway through the video. I'm gonna guess he made his neighborhood a no fly zone and injected it into the kid's drone.
Isn't the location database part of the app and not on the drone?
@@jupitersj Yeah, that's said in Q&A at the end.
As someone who loves flying drones, the rules and regulations make no sense whatsoever. It is perfectly legal for me to fly over your property with or without permission because you don't own the air above your property but it is illegal for you to damage it. The law should make it illegal to fly over others property without permission so that the whole "destroying someones drone is illegal" part actually makes sense. It is illegal to record anyone on their own property without permission even if you are doing so from the air, but good luck proving that they did if they never post it anywhere.
The video is probably coming down with a synchronous protocol and the frame sync immediately drifted.
There are regulations on flying around airports for *ALL* types of aircraft, and they are set up like a up-side-down cake.
Hah the channel name is trolling. I like that
what about bombarding it with radio frequancy such as a CB band at about 1000 watts. most CB's will generate a very unclean signal.
i was wondering if there is any possible way to upload a custom script into the drone's system, if it's possible i guess you could do some pretty fun stuff with it
With the Bebop? Sure. It's a flying FTP server. Not sure how a script would work on it... But you can establish an FTP connection super easily at anytime as long as the drone's on and transfer whatever you want to and from it... If you really wanted to you could probably turn that drone into a flying bitcoin wallet. It would be the least secure bitcoin wallet ever but still.
First, all the testing could be done with a drone that had no propellers or propellers that had no pitch to them. So the drone would not be in the air. You would still be able to get sensor data and determine what would happen. The second thing that comes to mind is, if this GPS jamming can be done with a drone, what then happens if I am in a self-driving car and I drive past a child that bought a $25 device and an Arduino is on the roadside. Wouldn't the GPS disruption effect self-driving cars, GPS guided construction equipment.
that kid would be comitting a felony of the sort you don't get away with sitting on the side of the road.
If you're in a Tesla on Autopilot, the car wouldn't give a shit about little Timmy and his GPS jammer. It doesn't rely on GPS anyway. It uses it's cameras, radar and ultrasonic sensors. A Tesla probably wouldn't even slow down if the GPS became unreliable.
My local Sheriff's Department and also potentially DEA fly at least six different drones in my area every night, what can be done about this?
Nobody uses a drone to look through windows, you first of all need a polarization filter to be able to see anything inside and then you also need light INSIDE the room to view anything there.
If you are new to flying quadcopters, you crash a lot and if you do you certainly won't be able to hover in-front of a window!
Bullet point six @5:00: line of sight ;)
And at @7:30, you could also be that adult! Maybe his parents are just oblivious to the rules?
I have learned the kids in my village to fly, what the rules are and how to behave when someone addresses you about your drone!
Never used a flashlight, have you? Try it
@@williamchamberlain2263 ok, so now you are pointing a flashlight at a window.
Great.
worst part: this actually worked on a drone I toyed around with in the park today xD
Yep. It's hilarious to here that one annoying kid go crying to their parents because their drone has gotten tired of their shit and stopped listening to them. XD
This is awesome!
So fucking interesting, loved this
Is it possible to entirely remap and reprogram the drone so that it becomes entirely yours ? like, it would recognize my controler and my landing zone and not the one it came paired with... essentially stealing it ? make it yours forever ?
if you can nmap it you can nping it and that's when the real fun starts
"Quadcopters and drones"? Well, while it's true that not all quadcopters are drones, and not all drones are quadcopters (so the terms aren't completely interchangeable like when you said "we call them quadcopters or drones) some drones are quads, so it doesn't make sense to say "quadcopters and drones" as if they're completely separate things. The word "other" inserted in the middle will fix that error.
Shouldn't it been possible to set, using the open Telnet, the passwords to close the telnet... and any other protocols?