Let me just state that I respect Daren his work and contribution to hack and IT community and that this comment isn't directed in any way against him or his work.
Just a month ago while watching one of the Daren's videos I noticed DJI Phantom sitting on his desk and I couldn't wait to see how its going to be used. Than last week I got a chance to see what was cooking in his kitchen.
While drone hacking was mentioned few times here I founded Daren's approach very simplistic and easy to understand. Like always his lingo is easy to follow and his proof of concepts are easy to replicate. He is using WiFi device from his own sore but it can be achieved with almost any WiFi enabled smart phone and telnet app. People at Parrot didn't bother protecting WiFi link and they made it easy to access flight computer on board their parrot drone. As this can inspire some comments and ideas about security I would like to point out to two moments on his videos, first at 07:25 on his first video and second one at 15:17 on second video. While WiFi hijacking and hacking on board computer is quite interesting I founded amazing that nobody didn't get hurt during filming this episode. They could just simply cut "embarrassing" parts in post production but they decided to keep it and in video comments Daren stated "I was flying irresponsibly for fun and hit a wall. No damage. Not recommended." It seems that we are learning from our mistakes but unfortunately this is after the fact that we damage something or hurt someone.
I think that we as community, and as responsible drone operators have obligation to point out to all potential hazards that can arise from operating such remote controlled vehicles. I strongly believe that showing graphic images in warning section is the way to go. As we have more and more ready to fly drones available we will have more and more people using them and we will most likely have more and more accidents. Usually people see nice online videos made by seasoned pro's and think I'll get one and do the same thing. Little they know that its not that easy and most important that isn't that safe. Best case scenario they crash in to the wall or drop from 12 stories high on to the pavement brake their new toy and loose interest.
But if they have to see pictures of potential danger and injuries before they can make a purchase instead of just reading (flying thru) safety warnings they would take it more seriously?
Some of the pictures that by my opinion should be included in every safety warning, printed or online. Look at it as warning on pack of cigarettes just more graphic. Would that cut into sales? probably, would that help us as community in long run? most definitely yes. It all comes to personal perception of safety and responsibility but we are just making a little extra effort to explain to the future users to take safety more serious.
Comments
sigh... at the risk of causing a shit storm.. its exactly this kind of embarassment that manufacturers need to undergo before adding at least freaking WPA2 to a wifi controlled drone..
Phantom Visions Wifi extender is a RIPE target at this point.
Don't blame the folks exercising and using these holes , blame instead manufacturer(s) for releasing utter crap as far as security and safety goes. I could go on and on but I wont...(hint I do open source security/SQA in real life)
And the 3DR radios?? its only a short hop of ordering equipment and a jtag adapter to make an EVIL clone of the radio designed for monitoring,interdicting over a MAVLINK telemetry stream,combine this with 2.4 ghz control link and 5.8GHZ control link jamming and watch someone fly away with your shiny new drone... :(
yep ALL that chinese cloning of autopilots and telemetry link boards has created a large enough population of machines to attract malware and other "fun" software authors.
attacks on the ground control station and autopilot are only a short hop away.
Folks I know are already working on fuzzing, along with heap and stack overflows in the APM software, and its being repeated for NAZA, Openpilot, paparazzi etc ad nauseam.
Get ready for for a brave new world
hotel zulu lima
What a great way to waste your time and the technology.
Nobody is arguing against the need for security. But some of us get a bit frustrated by how today's view on technology is warped by commercial interests. Where closed down and feature limited systems are the norm, and tinkering is criminalized. What some would consider hacking today, would just be normal usage not that many years ago.
If someone is driving pedal-car on interstate and cause your Corvette to crash injuring you and your passenger, it is relevant don't you agree ? His "prof of concept" is just that, not going in argument how trivial but just shows that unprotected stream of control data can be interrupted and hijacked. The fact that nobody exploited RC control system yet doesn't mean that it cant be done. On the other hand our data telemetry radios are open and unprotected. And its all god and fine when you fly rc foamy parrot, buy the moment you put 10k 5-10 pounds rig in air game changes completely. I'm just saying better safe than sorry. Think about it before it happens.
So executing process kill on a embedded linux box over a open wifi connection with telnet made available on purpose for easy DIY, is now considered hacking? The system was designed to make this possible.
As Olivier said. For this to be considered hacking, it has to be done on a system designed to prevent such actions.
:))
Dusan writes: "Let me just state that I respect Daren his work and contribution to hack and IT community and that this comment isn't directed in any way against him or his work."
Sigh. More publicity hounds, or in this case puppies. I have no such compunctions about commenting on silly children "discovering" that pissing on a burning cigarette butt will extinguish it, which has exactly the same value as this pathetic waste of time "hacking" (to use the term very generously) a toy that has as much relevance to the UAV community as a pedal-car has to to a Corvette. This exercise doesn't even rise to the level of an elementary school science fair project. Hack my JR/Spektrum system, Daren, and maybe I'd be impressed enough to call the FCC on your sorry butt.
Now that you can buy a dangerous multicopter like the Phantom and fly it without spending weeks reading forums like this one and getting advice from people with experience I think we have to accept that theres nothing we can do to stop stupid people doing stupid things.
Who more crazy baby or dronehaters ? =)
Sadly it's going to be like endless motorcyclists YouTube watch this videos that end in accident or incident. Generally if you mention safety you are met with a wall of you old git venom from folks that know better.
-
1
-
2
of 2 Next