[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] Unrevealed Secrets of MAL-Drone
From: jack ana <meeta10x () linuxmail ! org>
Date: 2015-01-30 9:38:29
Message-ID: 990778550.226768.1422610709855.JavaMail.tomcat6 () ibriss06 ! dlan ! cinetic ! de
[Download RAW message or body]
[Attachment #2 (text/html)]
<body bgcolor="" style=""><pre>MAL-Drone
Some digital-media prints the news & thousands & thousands of collectors gathers the \
news for re-publishing.It seems around 5% of spam can be contributed to digital media reprint \
edition. Lets examine the Mal-Drone case today from forbes.
http://www.forbes.com/sites/thomasbrewster/2015/01/27/malware-takes-down-drone/
Google https://www.google.co.in/?gws_rd=ssl#q=Maldrone+rahul+sasi
About 1,950 results (0.34 seconds)
In less than 24 hrs around 2k results :)
Intro:
Maldrone: Watch Malware That Wants To Spread Its Wings Kill A Drone Mid-Flight
Hacking is yet again taking to the skies in 2015. An India-based Citrix security engineer has \
just figured out how to hack into a Parrot drone and install malware on it. This is, despite \
what other reports claim, not the first time this has been done. But what makes the malware, \
dubbed Maldrone, different is that it is designed to work across drone types.
In his tests, Rahul Sasi tried Maldrone on a Parrot AR, which he knew he could exploit thanks \
to a previously documented attack method. Though he had to be in close proximity to the drone, \
Sasi was able to infect the aircraft with the malware, which would act as a link, or proxy, \
between the flying machine and a hacker. Information would then be sent back to the hacker and \
allow them to interact with the drones navigation functions.
In the video below, Sasi hacks the drone, it connects back to his PC giving him control over \
the machines sensors. He then issues a kill command. He could also have told the drone to fly \
wherever he wanted, or use it for remote surveillance, Sasi claimed.
SkyJack has done the same thing in 2013 two years back. http://samy.pl/skyjack/
Few Questions to Rahul Sasi:
1] Whats basic difference between skyjack & maldrone ? Lets hope maldrone is not coded in \
perl just like skyjack. 2] You are a citrix researcher,whats your & citrix contribution in \
maldrone ? Thanks citrix for such stunts. 3] what type of communication protocol does \
parrot-drone(maldrone) uses like C-band data link or a Ku-band satellite ? 4] How did you spoof \
the Military GPS of the drone or is it civillian GPS.if civillian GPS how did you spoof it ? 5] \
From how much distance can you hijack the drone 1 or 2 yards. will your maldrone work beyond 3 \
yards. 6] Did you use GPU-cuda/rainbow tables to crack encryption.
7] At what frequency Synthetic Aperture Radar Receiver/Transmitter of maldrone works ?
8] How did you bypass the following ?
a] Consistency of navigation inertial measurement unit (IMU) cross-check
b] Polarization discrimination
c] Angle-of-arrival discrimination
9] Apart from toy-drones can you name a single drone where maldrone can be used as-is or in \
modified versions ? 10] Is it possible to convert maldrone-attack to malcar-attack on remote \
toy cars(RC)? One last question below
11] IN the adjacent interview[ \
http://www.theregister.co.uk/2015/01/27/malware_backdoor_makes_parrot_ar_drones_squawk/ ] \
Rahul sasi said
"Sasi spent five months reversing the proprietary AR Drone program.elf and developing Maldrone \
and would over the coming year attempt to hack industrial drones."
How/why did you reverse the program.elf parrot firmware for 5 months if its open source,freely \
to download ??? download link https://github.com/ardrone/ardrone
If it took five months to copy/paste open source code then you can guess yourself how many \
decades will it take to reverse-hack closed industrial drones firmware.
Rahul sasi also added: "Once my program kills the actual drone controllers, it causes the \
motors to stop and the drone falls off like a brick," Sasi said. "But my backdoor instantly \
takes control so if the drone is really high in the air the motors can start again and Maldrone \
can prevent it from crashing."
See below the hard work of following guys who have won free fall competition in 2011.This \
free-fall & take auto-control code can be downloaded from below.
At GCER 2011, Dr. David Miller announced that the AR.Drone would be used in a fall competition; \
this became the KIPR Autonomous Aerial Vehicle Contest, in which we placed first in December \
2011. Our victory was mainly a result of custom libraries which we had developed. \
http://files.kipr.org/gcer/2013/proceedings/Rand_Hacking_AR_Drone_1.pdf
It would be very great of you if you can be little technical in your interview.Its very easy to \
do republish-spam campaign now a days.Its amazing to see peoples like sasi can also reverse \
open-source program.perhaps Citrix should start using such rare talent in their products or \
services.
SkyJack is primarily a perl application which runs off of a Linux machine, runs aircrack-ng in \
order to get its wifi card into monitor mode, detects all wireless networks and clients around, \
deactivates any clients connected to Parrot AR.drones, connects to the now free Parrot AR.Drone \
as its owner, then uses node.js with node-ar-drone to control zombie drones.
Can we see some great research,someone.
- Guyz Happy Hacking :) We should stop encouraging such script kiddies things & should \
start supporting genuine research.<br /><br /><br /></pre></body>
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic