Attack of the Drones - Part 2

When speaking of drone attacks, most people think first about risky encounters between remote-controlled drones and commercial aircraft (/node/215376) or drones used for malicious airborne snooping and pen-testing (/node/175608). However, businesses exploring commercial drone applications face a completely different challenge: keeping those remote-controlled business drones safe.

Earlier this month at DEFCON, attendees learned about two new drone attacks.

In his session “Knocking My Neighbor's Kid's Cruddy Drone Offline" (http://bit.ly/1LBnmD9) Professor Michael Robinson described how the Parrot P7 Drone can be attacked through its open-by-default Wi-Fi connection. By using a Pineapple-generated Deauth frame, an attacker can easily prompt a Parrot to reconnect to another Controller. The attacker can then send commands to the drone’s open Telnet port to effectively hijack the device. Or, the attacker can exploit the drone’s open FTP server port to download or delete media previously captured by the drone.

Over in the DEFCON Internet of Things Village, security consultant Ryan Satterfield demonstrated how the Parrot AR Drone’s open Wi-Fi connection and Telnet port could be exploited to gain root access to the device. From this vantage point, the attacker can carry out a wide variety of malicious actions – for example, killing flight control processes to cause the drone to immediately fall from the sky (see this demo for yourself at https://youtu.be/gMKNexI5dNc).

This isn’t the first time that drone attacks have been presented at DEFCON or BlackHat, but given the growing number of businesses now exploring commercial drone applications, it’s time for drone manufacturers such as Parrot and their customers to heed this wake-up call.

Most drones are Wi-Fi devices and can be attacked via 802.11 and RF interference just like any other kind of Wi-Fi device.

As such, it’s important to take steps to harden business drones against attack. For example:

1. Choose a drone that supports WPA2 or can be upgraded to do so. As we all learned over a decade ago, an open Wi-Fi connection just invites snooping and attacks.
2. When using WPA2-PSK, choose a robust password as recommended in http://bit.ly/1i92wkV to avoid PSK cracking
3. Assess each drone device’s vulnerabilities. Wherever possible, eliminate unnecessary services and limit access to the rest – for example, using MAC ACLs and non-default passwords to make it harder for attackers to gain unauthorized access.
4. Review drone log files to detect signs of attempted or actual airborne attack.
5. For drones operated in your own airspace, use a Wireless IPS such as Fluke AirMagnet Enterprise to spot traffic such as Deauth attacks, Wi-Fi Pineapples, RF jamming, etc.
6. Keep an eye on the National Vulnerability Database for newly-reported drone bugs and apply patches.

These are fairly basic best practices long applied to other kinds of Wi-Fi devices. Drones do present some challenges – for example, they often operate in public airspace, making them harder to monitor than on-prem Wi-Fi devices. And certain mid-flight DoS attacks can be deadly for a drone. But businesses considering commercial drone applications should take a hard look at these common Wi-Fi device vulnerabilities and countermeasures. Don’t repeat the same old Wi-Fi security mistakes with this shiny new technology.