Airborne surveillance, Anti-UAV Defence System, directed energy, DIY, Drone repellent, privacy intrusion, science, security risk, signal jamming, social engineering, surveillance technology, Threat assessment, Threat matrix, Threat removal, UAV, unwarranted surveillance
Do it yourself Surveillance Technology Repellent
The information presented here is for educational purposes. As with all guides covering network and computer security, the techniques should only be performed on devices that you own or have permission to operate on. This tutorial is designed to help users understand the security implications of using unprotected wireless communications by exploring its use in a popular drone model: the Parrot AR.Drone 2.0.
It’s illegal to access computer systems that you don’t own or to damage other people’s property. As we continue the public dialogue on drone regulations, it’s critical to understand as many aspects of the issue as we can to include social impact, policy, privacy and of course, security. We hope that manufacturers take steps to improve the security of their products and users continue to educate themselves on the capabilities and vulnerabilities of emerging technologies. Make: and the author take no responsibility resulting from the inappropriate or illegal actions that result from abuse of any of the techniques discussed.
Quadcopters capable of transmitting high-quality video are making it possible to affordably record unique perspectives. But these “unmanned aircraft systems,” as the FAA calls them, have posed new challenges in security, safety, and privacy, and many experts caution pilots to consider the implications of increased drone usage. In addition to the concern of constant surveillance, there’s the possibility that businesses (or hackers) can collect location information from mobile devices by using roving drones.
As a result, a cottage industry is forming for anti-drone technology. These devices come in a range of sizes, from plane-mounted to handheld tools. I will show you how to build our own rig to execute a particular network-based attack against one type of quadcopter control: Wi-Fi.
A Word of Caution
While I won’t touch on signal jamming or directed energy, it’s worth noting that jamming creates serious safety risks and is illegal. Additionally, the computer-based techniques that we’ll cover should only be done on networks and devices that you own, or have permission to experiment on.
Wi-Fi is a key interface for many current quadcopters. Some use it as the interface between the controller and a tablet displaying mapping and telemetry data. A few drones, such as Parrot’s Bebop and AR.Drone 2.0, are entirely controlled via Wi-Fi. This type of system lowers the barriers to entry into the drone space since pilots can use their own devices for control, but it does create interesting security situations since existing network-based attacks can now be used against these devices. Modern drones are essentially flying computers, so many of the attacks that were developed for use against traditional computer systems are also effective. The AR.Drone 2.0 in particular has many impressive features and sensors that users can access, and its low cost makes it an ideal platform for experimentation and learning.
How it Works
The AR.Drone 2.0 creates an access point that the user can connect to via a smartphone. The access point that it creates is named ardrone2_ followed by a random number. This access point by default is open and offers no authentication or encryption. Once a user connects the device to the access point, he or she can launch the app to begin control of the drone. This process, though convenient for the user, makes it easy to take control of the drone. The AR.Drone 2.0 is so hackable, in fact, that there are communities and competitions focused on modifying this particular drone.
Using a laptop computer, USB Wi-Fi card, and our new antenna, we’ll explore a very simple attack. Power on the AR.Drone 2.0 and have a friend fly it around using the app. After a few seconds, its access point should also show up in your available wireless networks. Connect to the network and start up your favorite terminal application. The default gateway address for this network will have an address of 192.168.1.1. You’ll be able to telnet to this address since the service is, unfortunately, left wide open on this system.
Telnet is an older protocol for accessing remote computers. At this point, you can explore the system, or shut it off entirely without the legitimate user knowing what’s going on. Using a combination of freely available network tools, you can easily perform all these steps from your computer.
Now we’ll look at how you might automate this attack with a Raspberry Pi, a touchscreen, and a couple of Bash scripts.
I used a great tutorial provided by Adafruit (learn.adafruit.com/adafruit-pitft-28-inch-resistive-touchscreen-display-raspberry-pi) to set up my Raspberry Pi with a touchscreen, so that I could launch my attacks with a click. Assuming that you have a Pi already set up, let’s walk through how you could automate this.
[Byline Brent Chapman] via MAKE