logo
allArticlesConferencesPresentations

MAVSH> Attacking from Above

Conference:  Defcon 29

2021-08-01

Summary

Drones can be used for hacking and penetration testing
  • Drones can be used to test RF protocols and intercept traffic
  • Regulations exist for drone usage, including no-fly zones and altitude limits
  • Drone racing allows for freedom of flight
  • CTFs sparked interest in using drones for hacking and penetration testing
The speaker discovered the potential for drones while learning to build one and exploring different use cases, including agricultural purposes and red teaming. They were inspired by a CTF challenge and began to consider using drones for hacking and penetration testing.

Abstract

Over the course of 2020 and 2021, drone enthusiasts and the FAA have been locked in a series of legal battles over the future of unmanned aviation. New regulations and restrictions, such as Remote Identification, aim to leave drone and model aviation hobbyists with a grim choice: incur countless financial costs, or lose the ability to fly freely. Not only do these regulations impact hobbyists, they also restrict our ability to use drones as recon and payload delivery tools, but the FAA gave us a loophole. In this talk, I'll share my knowledge of the MAVLink protocol and how it can be modified to take advantage of that loophole. I'll also show you how to build a drone capable of 20+ minute flights, potentially multiple miles of range, and hosting a Raspberry Pi 0 W onboard, enabling remote command execution without the use of onboard WiFi or cellular networks ALL while exploiting that loophole. Come learn how and why the FAA "Can't Stop the Signal"! REFERENCES Ardupilot: https://ardupilot.org/ https://github.com/ArduPilot/ardupilot MAVLink: https://mavlink.io/en/ Danger Drone and Defense Measures: https://resources.bishopfox.com/files/slides/2017/DEF_CON_25_(2017)-Game_of_Drones-Brown_Latimer-29July2017.pdf https://resources.bishopfox.com/resources/tools/drones-penetration-testers/attack-tools/ Watch Dogs Drone: https://hackaday.com/2018/05/27/watch-dogs-inspired-hacking-drone-takes-flight/ FAA vs RDQ: https://www.racedayquads.com/pages/rdq-vs-faa https://www.gofundme.com/f/savefpv?utm_campaign=p_cp_url&utm_medium=os&utm_source=customer https://www.suasnews.com/2021/03/racedayquads-com-vs-faa-court-case-in-defense-of-all-drone-pilots-and-model-aviators/
Materials:
Tags:

Post a comment

Related work

Network Defender Archeology: An NSM Case Study in Lateral Movement with DCOM

Conference:  BlackHat EU 2018
Authors:
2018-12-06

Don't Dare to Exploit - An Attack Surface Tour of SharePoint Server

Conference:  Defcon 29
Authors:
2021-08-01

Vulnerability Exchange: One Domain Account For More Than Exchange Server RCE

Conference:  Defcon 29
Authors:
2021-08-01

Hi! I'm DOMAIN\Steve, please let me access VLAN2

Conference:  Defcon 29
Authors:
2021-08-01

Securing the Superpowers: Who Loaded That EBPF Program?

Conference:  Cloud Native SecurityCon North America 2023
Authors: John Fastabend, Natalia Reka Ivanko

Visual Studio Code is why I have (Workspace) Trust issues

Conference:  Defcon 31
Authors: Thomas Chauchefoin Vulnerability Researcher @ Sonar, Paul Gerste Vulnerability Researcher @ Sonar
2023-08-01