MAL-Drone
Some digital-media prints the news & thousands & thousands of collectors gathers the news for re-publishing.It seems around 5% of spam can be contributed to digital media reprint edition.
Lets examine the Mal-Drone case today from forbes.
http://www.forbes.com/sites/thomasbrewster/2015/01/27/malware-takes-down-drone/
Google https://www.google.co.in/?gws_rd=ssl#q=Maldrone+rahul+sasi
About 1,950 results (0.34 seconds)
In less than 24 hrs around 2k results :)
Intro:
Maldrone: Watch Malware That Wants To Spread Its Wings Kill A Drone Mid-Flight
Hacking is yet again taking to the skies in 2015. An India-based Citrix security engineer has just figured out how to hack into a Parrot drone and install malware on it. This is, despite what other reports claim, not the first time this has been done. But what makes the malware, dubbed Maldrone, different is that it is designed to work across drone types.
In his tests, Rahul Sasi tried Maldrone on a Parrot AR, which he knew he could exploit thanks to a previously documented attack method. Though he had to be in close proximity to the drone, Sasi was able to infect the aircraft with the malware, which would act as a link, or proxy, between the flying machine and a hacker. Information would then be sent back to the hacker and allow them to interact with the drones navigation functions.
In the video below, Sasi hacks the drone, it connects back to his PC giving him control over the machines sensors. He then issues a kill command. He could also have told the drone to fly wherever he wanted, or use it for remote surveillance, Sasi claimed.
SkyJack has done the same thing in 2013 two years back. http://samy.pl/skyjack/
Few Questions to Rahul Sasi:
1] Whats basic difference between skyjack & maldrone ? Lets hope maldrone is not coded in perl just like skyjack.
2] You are a citrix researcher,whats your & citrix contribution in maldrone ? Thanks citrix for such stunts.
3] what type of communication protocol does parrot-drone(maldrone) uses like C-band data link or a Ku-band satellite ?
4] How did you spoof the Military GPS of the drone or is it civillian GPS.if civillian GPS how did you spoof it ?
5] From how much distance can you hijack the drone 1 or 2 yards. will your maldrone work beyond 3 yards.
6] Did you use GPU-cuda/rainbow tables to crack encryption.
7] At what frequency Synthetic Aperture Radar Receiver/Transmitter of maldrone works ?
8] How did you bypass the following ?
a] Consistency of navigation inertial measurement unit (IMU) cross-check
b] Polarization discrimination
c] Angle-of-arrival discrimination
9] Apart from toy-drones can you name a single drone where maldrone can be used as-is or in modified versions ?
10] Is it possible to convert maldrone-attack to malcar-attack on remote toy cars(RC)?
One last question below
11] IN the adjacent interview[ http://www.theregister.co.uk/2015/01/27/malware_backdoor_makes_parrot_ar_drones_squawk/ ] Rahul sasi said
"Sasi spent five months reversing the proprietary AR Drone program.elf and developing Maldrone and would over the coming year attempt to hack industrial drones."
How/why did you reverse the program.elf parrot firmware for 5 months if its open source,freely to download ??? download link https://github.com/ardrone/ardrone
If it took five months to copy/paste open source code then you can guess yourself how many decades will it take to reverse-hack closed industrial drones firmware.
Rahul sasi also added: "Once my program kills the actual drone controllers, it causes the motors to stop and the drone falls off like a brick," Sasi said.
"But my backdoor instantly takes control so if the drone is really high in the air the motors can start again and Maldrone can prevent it from crashing."
See below the hard work of following guys who have won free fall competition in 2011.This free-fall & take auto-control code can be downloaded from below.
At GCER 2011, Dr. David Miller announced that the AR.Drone would be used in a fall competition; this became the KIPR Autonomous Aerial Vehicle Contest, in which we placed first in December 2011. Our victory was mainly a result of custom libraries which we had developed. http://files.kipr.org/gcer/2013/proceedings/Rand_Hacking_AR_Drone_1.pdf
It would be very great of you if you can be little technical in your interview.Its very easy to do republish-spam campaign now a days.Its amazing to see peoples like sasi can also reverse open-source program.perhaps Citrix should start using such rare talent in their products or services.
SkyJack is primarily a perl application which runs off of a Linux machine, runs aircrack-ng in order to get its wifi card into monitor mode, detects all wireless networks and clients around, deactivates any clients connected to Parrot AR.drones, connects to the now free Parrot AR.Drone as its owner, then uses node.js with node-ar-drone to control zombie drones.
Can we see some great research,someone.
- Guyz Happy Hacking :) We should stop encouraging such script kiddies things & should start supporting genuine research.
|
