Welcome to PhantomPilots.com

Sign up for a weekly email of the latest drone news & information

Pwn'd Drones

Discussion in 'General Discussion' started by deepheat, Jan 2, 2014.

  1. deepheat

    Joined:
    Jan 2, 2014
    Messages:
    17
    Likes Received:
    0
    Greetings All,

    While conducting my own research into the P2V (prior to making purchase), I came across a website that covers one of my other interests - WiFi Security.

    Since these drones make use of Open WiFi, there is no password authentication to connect your mobile device to the drone, as such anyone with a little bit of programming experience (actually you don't need any programming experience since the owner of the website has already written the program) and a little extra hardware can connect to your pride and joy (in mid-flight) and cut the engine or take control.

    The link, if you are interested... http://samy.pl/skyjack/ - okay, this guy uses a "Parrot AR Drone 2", along with some other (easily obtainable - i.e. Amazon) hardware. Nice video too, especially the part where the program takes over the Parrot Drone and flies it around eventually off camera with the coder in pursuit. The code is loaded onto a Raspberry Pi and with a mobile charger or battery can be discreetly taken into the field.

    The next link http://hak5.org/episodes/hak5-1518 shows one of our very own Phantoms with a nefarious payload known as a Pineapple Mk5 strapped to it that demonstrates a mid-flight "denial of service"!. The video shows the "attack" in action (again with a Parrot as the subject), and runs through the basics of the code. (This video eventually links to the video above)

    I realise that DJI want to make the WiFi connectivity as simple as possible in order to appeal to the masses, but the failure to implement any form of WiFi security appears to be a school-boy error.

    What do you guys think?

    Cheers

    dp
     
  2. Shrimpfarmer

    Joined:
    Dec 15, 2013
    Messages:
    1,012
    Likes Received:
    8
    Location:
    Sussex UK
    Well at the moment all an attacker would be able to do is tamper with your video stream which you either lose or see on your device.

    The Phantom relies on a different medium to control flight so today the pilot should be able to land and recover the phantom.

    The Parrot AR Drone is very different to the Phantom (I have both) and I accept a hijacking is a more viable operation for that craft. I have to say however that being a Phantom or Parrot thief must be a very lonely existence. I travel the country quite widely for extended periods, often visiting the countryside. I have never ever seen another person flying either a Parrot Drone or a Phantom. So all I can say is the thief who goes to that much trouble to try and hijack one of them is going to waste an awful lot of time just looking for one let alone managing to get it. :roll: