Please select Into the mobile phone version | Continue to access the computer ver.
WIFI Security Vulnerabilities? SKYJACK
12Next >
2198 50 2018-2-9
Uploading and Loding Picture ...(0/1)
o(^-^)o
Hazy Jay
lvl.3
United Kingdom
Offline

Someone just posted in a goup on Facebook a Cyber Security post for some academic research they are doing. As I am interested in cyber security anyway with a working knowledge of it I did a cursory search for hacking drones via skyjacking. I wasn't surprised to learn that the vulnerability lies within the WIFI of any target drone. The hacker forcefully disconnects your drone from the legitimate source of wifi and connects it to yours so you can effectively steal it or do what you want with it.

How secure is the Phantom 4 Pro against this sort of attack, or indeed, any other type of attack/hack?
2018-2-9
Use props
RedHotPoker
Captain
Flight distance : 165105 ft
Canada
Offline

I have not heard of anyone being affected by this piracy.

It's a non issue. Don't worry about the unknown... Only the police and military have this ability.

Besides, the sky is falling. Ha


RedHotPoker
2018-2-9
Use props
ALABAMA
Captain
Flight distance : 10442687 ft
United States
Offline

I'm sure that drones are waaaayyy down on the list for that sort of hacking.
2018-2-9
Use props
Jeff Millard
First Officer
Flight distance : 503635 ft
  • >>>
United States
Offline

RedHotPoker Posted at 2018-2-9 11:58
I have not heard of anyone being affected by this piracy.

It's a non issue. Don't worry about the unknown... Only the police and military have this ability.

But don’t worry, that cool gamer seat you ride in the new P5P+ has shock absorbers on it. ;-{)

Jeff
2018-2-9
Use props
Genghis9
Captain
Flight distance : 961 ft
United States
Offline

While I'd call this threat plausible it is not very likely on any given bases or timeframe.
Unless you tend to fly regularly and frequently at the same place or area the mere fact that you move around and don't hold a regular schedule makes that kind of an attack difficult to pull off.  In other words the attacker has to be in the right place at the right time with the right equipment ready to go in order to take advantage of the situation.  While plausible it is not likely, at least not for your average hobbyist.  
I would be suspicious of anyone hanging out at a fly club that does not seem interested in or actively involved in flying, but again the effort involved and planning necessary does not make that effort worthwhile.  
All in all you need to be more concerned about a bird attack, running in to a tree, or hitting a plane/helo, person, or property.  
2018-2-9
Use props
RedHotPoker
Captain
Flight distance : 165105 ft
Canada
Offline

Jeff Millard Posted at 2018-2-9 13:04
But don’t worry, that cool gamer seat you ride in the new P5P+ has shock absorbers on it. ;-{)

Jeff

Mine would need the additional bumper guards. Haha

And an umbrella for those drizzle days of spring.


RedHotPoker
2018-2-9
Use props
RedHotPoker
Captain
Flight distance : 165105 ft
Canada
Offline

Genghis9 Posted at 2018-2-9 13:10
While I'd call this threat plausible it is not very likely on any given bases or timeframe.
Unless you tend to fly regularly and frequently at the same place or area the mere fact that you move around and don't hold a regular schedule makes that kind of an attack difficult to pull off.  In other words the attacker has to be in the right place at the right time with the right equipment ready to go in order to take advantage of the situation.  While plausible it is not likely, at least not for your average hobbyist.  
I would be suspicious of anyone hanging out at a fly club that does not seem interested in or actively involved in flying, but again the effort involved and planning necessary does not make that effort worthwhile.  

As well, We have seven kinds of flying bats here, and our moths can get very large too. Haha

But the worst thing you can hit are them dratted flying squirrels. ;-)


RedHotPoker
2018-2-9
Use props
Geebax
Captain
Australia
Offline

'How secure is the Phantom 4 Pro against this sort of attack, or indeed, any other type of attack/hack? '

The first thing is to understand that the P4 aircraft does not use WiFi at all. It has a radio connection of a proprietary nature (Not WiFi) connecting the airccraft to the RC unit. The RC Unit has no WiFi either. The only possible WiFi connection is the phone or tablet you use to control the operation, so if you disable WiFi on that device, there is no mechanism to hack into it.
2018-2-9
Use props
Matthew Dobrski
Captain
Flight distance : 1831050 ft
  • >>>
Canada
Offline

Geebax Posted at 2018-2-9 18:20
'How secure is the Phantom 4 Pro against this sort of attack, or indeed, any other type of attack/hack? '

The first thing is to understand that the P4 aircraft does not use WiFi at all. It has a radio connection of a proprietary nature (Not WiFi) connecting the airccraft to the RC unit. The RC Unit has no WiFi either. The only possible WiFi connection is the phone or tablet you use to control the operation, so if you disable WiFi on that device, there is no mechanism to hack into it.

OK, it makes sense. Now, let's assume the following scenario:

1. DJI drone is up to date, flying just charmingly on my property, no issue whatsoever, no NFZ in 500 miles radius.

2. Traveling 1000 miles away into total wilderness, no NFZ in 500 miles radius (checked at home), no WiFi, no cellular, no humanoid even within VLOS ... and no flying also ... Aircraft Disconnected, no video feed, RTH auto-activated.

3. No luck with re-boot after landing, drone's blind.


4. Back-up drone is blind as well, disconnected.  

It's happen to me at least three times last summer in random places. Drove to nearest village and drone was back in order. Go figure.

The question is simple: how to avoid such situation this coming season? Would WiFi disabling eliminate any ways of ingerence into my freedom to fly, beside obvious NFZ restrictions?




2018-2-9
Use props
Geebax
Captain
Australia
Offline

Matthew Dobrski Posted at 2018-2-9 19:10
OK, it makes sense. Now, let's assume the following scenario:

1. DJI drone is up to date, flying just charmingly on my property, no issue whatsoever, no NFZ in 500 miles radius.

Were these all P4 aircraft? All I can say is my P3P always flies without any cell, WiFi or anything, and it never has any issue.
2018-2-9
Use props
Matthew Dobrski
Captain
Flight distance : 1831050 ft
  • >>>
Canada
Offline

Geebax Posted at 2018-2-9 19:36
Were these all P4 aircraft? All I can say is my P3P always flies without any cell, WiFi or anything, and it never has any issue.

No, only P3P and Inspire 1 Pro were "crippled" at random, but always both simultaneously. P4P+ - for change - was constantly struggling with chaotic NFZ data at this time ...

I believe this was the result of somehow panic DJI response to FW hacking attempts, a thing of the past remaining as a mystery. Still, it was possible somehow. Again than, what I must do to cut this umbilical cord, temporarily at least for the period of my wilderness adventures with DJI drones?

Edit: is it possible that my iPad Air2 was somehow confused in the middle of nowhere, causing trouble with Go app?

2018-2-9
Use props
CraigR
lvl.4
Australia
Offline

The list of drones that are currently susceptible to "skyjacking" (either through hijacking of the control signal/wifi or through GPS spoofing) are:

* Phantom (all)
* Inspire (all)
* Mavic
* Brezee
* Typoon
* Tornado
* Bebop
* AR.Drone 2.0

Many, if not all, drones can be hijacked quite easily
2018-2-9
Use props
Geebax
Captain
Australia
Offline

Matthew Dobrski Posted at 2018-2-9 20:22
No, only P3P and Inspire 1 Pro were "crippled" at random, but always both simultaneously. P4P+ - for change - was constantly struggling with chaotic NFZ data at this time ...

I believe this was the result of somehow panic DJI response to FW hacking attempts, a thing of the past remaining as a mystery. Still, it was possible somehow. Again than, what I must do to cut this umbilical cord, temporarily at least for the period of my wilderness adventures with DJI drones?

The only thing I can think of is the need to check your login with DJI each time you fly. My P3 is on very old firmware that never did this anyway. Stupid strategy on the part of DJI.
2018-2-9
Use props
RedHotPoker
Captain
Flight distance : 165105 ft
Canada
Offline

Thankfully RC helicopters don't have firmware that is infallible.

Who would take over a Parrot AR-Drone 2.0? Haha


RedHotPoker
2018-2-9
Use props
CraigR
lvl.4
Australia
Offline

If you want more information, try using the below text to google for info

hijacking or jamming a drone in flight
security researchers have made public vulnerabilities for these flying machines
compilation of vulnerable drone and vulnerability testing/exploit methodologies
reference of vulnerable drones
how drone vulnerability is currently exploited
2018-2-9
Use props
Labroides
Captain
Flight distance : 9991457 ft
Australia
Offline

CraigR Posted at 2018-2-9 20:47
The list of drones that are currently susceptible to "skyjacking" (either through hijacking of the control signal/wifi or through GPS spoofing) are:

* Phantom (all)

Many, if not all, drones can be hijacked quite easily

Only by a well equipped and dedicated hacker who knows you are going flying and just happens to be close by at the time you choose to go flying.
How often is that likely to happen?
On a list of things to be concerned about when flying, it doesn't rate.
2018-2-9
Use props
CraigR
lvl.4
Australia
Offline

Labroides Posted at 2018-2-9 21:03
Many, if not all, drones can be hijacked quite easily
Only by a well equipped and dedicated hacker who knows you are going flying and just happens to be close by at the time you choose to go flying.
How often is that likely to happen?

The OP didn't ask if it was practical or likely to happen though...

Edit: I guess they did sort of. But to answer their question directly the answer is "not very secure at all"
2018-2-9
Use props
Matthew Dobrski
Captain
Flight distance : 1831050 ft
  • >>>
Canada
Offline

Geebax Posted at 2018-2-9 20:47
The only thing I can think of is the need to check your login with DJI each time you fly. My P3 is on very old firmware that never did this anyway. Stupid strategy on the part of DJI.

And this is impossible, Brother Geebax! Remember, I'm in the middle of nowhere. No WiFi, no cell, no Internet, no civilization other than satellites above ...
2018-2-9
Use props
CraigR
lvl.4
Australia
Offline

Matthew Dobrski Posted at 2018-2-9 21:19
And this is impossible, Brother Geebax! Remember, I'm in the middle of nowhere. No WiFi, no cell, no Internet, no civilization other than satellites above ...

The P3 remote is a WIFI hotspot... that's your WIFI
2018-2-9
Use props
Labroides
Captain
Flight distance : 9991457 ft
Australia
Offline

Matthew Dobrski Posted at 2018-2-9 21:19
And this is impossible, Brother Geebax! Remember, I'm in the middle of nowhere. No WiFi, no cell, no Internet, no civilization other than satellites above ...

You can simulate remote-no wifi conditions at home by switching your tablet to airplane mode and test like that.
2018-2-9
Use props
Labroides
Captain
Flight distance : 9991457 ft
Australia
Offline

CraigR Posted at 2018-2-9 21:21
The P3 remote is a WIFI hotspot... that's your WIFI

Not in the wilderness - that's what he's been asking about.
2018-2-9
Use props
Labroides
Captain
Flight distance : 9991457 ft
Australia
Offline

CraigR Posted at 2018-2-9 21:16
The OP didn't ask if it was practical or likely to happen though...

Edit: I guess they did sort of. But to answer their question directly the answer is "not very secure at all"

Since he's never going to encounter the mythical hacker that could easily hijack his Phantom, so the answer is: It's never going to happen.
2018-2-9
Use props
CraigR
lvl.4
Australia
Offline

Labroides Posted at 2018-2-9 21:29
Not in the wilderness - that's what he's been asking about.

The remote itself is a WIFI hotspot.

"The  controller  serves  as  the  main  source  of  communication  to  the  drone.   It
creates a mobile WiFi hotspot operating at 2.400GHz-2.483GHz that the mo-
bile device connects to.  The mobile device sends instructions and settings to
the  controller,  and  the  controller  relays  these  instructions  to  the  drone  via  a
5.725GHz - 5.825GHz radio signal"
Citation: Trujano, F., Chan, B., Beams, G. and Rivera, R. Security Analysis of DJI Phantom 3 Standard. 2016 - MIT - Boston
2018-2-9
Use props
RedHotPoker
Captain
Flight distance : 165105 ft
Canada
Offline

Matthew Dobrski Posted at 2018-2-9 21:19
And this is impossible, Brother Geebax! Remember, I'm in the middle of nowhere. No WiFi, no cell, no Internet, no civilization other than satellites above ...

OH, Mathew have you left our presence in the capital city? Haha

Oh yeah, wilderness, Alberta. Yes. Boonies... Chuckles

Has Shaw cut off your wifi modem? ;-)



RedHotPoker

2018-2-9
Use props
Matthew Dobrski
Captain
Flight distance : 1831050 ft
  • >>>
Canada
Offline

CraigR Posted at 2018-2-9 21:33
The remote itself is a WIFI hotspot.

"The  controller  serves  as  the  main  source  of  communication  to  the  drone.   It

This is logical, the entire system is self-sufficient, therefore no external "intervention" (other than GPS- coordinated restrictions of NFZ) should be necessary to perform flying in remote areas far from civilization. Yet, somehow both P3P and Inspire 1 Pro were disconnected at particular places, randomly and with no pattern whatsoever. It seemed almost like an imaginary mainframe computer lost  communication with some members of the swarm and neglected drones were left in confusion. It was the most bizarre behavior I've ever encountered in my 3-years long adventure with DJI drones, never actually explained. Oh, well ...
2018-2-9
Use props
Hazy Jay
lvl.3
United Kingdom
Offline

RedHotPoker Posted at 2018-2-9 20:50
Thankfully RC helicopters don't have firmware that is infallible.

Who would take over a Parrot AR-Drone 2.0? Haha

In one type of Skyjack attack a Parrot AR is used as the 'mother' craft, sending out the hijack.

I've not posted links to demonstrations for obvious reasons but if you google 'skyjack drone' you'll find more than one way of doing it
2018-2-10
Use props
Hazy Jay
lvl.3
United Kingdom
Offline

Labroides Posted at 2018-2-9 21:31
Since he's never going to encounter the mythical hacker that could easily hijack his Phantom, so the answer is: It's never going to happen.

Likelihood was only a small part of the overall question.
2018-2-10
Use props
Labroides
Captain
Flight distance : 9991457 ft
Australia
Offline

CraigR Posted at 2018-2-9 21:33
The remote itself is a WIFI hotspot.

"The  controller  serves  as  the  main  source  of  communication  to  the  drone.   It

It doesn't matter if the remote is a wifi hotspot or if he enables hotspotting on his phone.
Out in the wilderness, he's not going to be able to connect with the rest of the world.
2018-2-10
Use props
CraigR
lvl.4
Australia
Offline

Labroides Posted at 2018-2-10 03:35
It doesn't matter if the remote is a wifi hotspot or if he enables hotspotting on his phone.
Out in the wilderness, he's not going to be able to connect with the rest of the world.

But a "hacker" can connect to that WiFi hotspot (the remote) and it's very easy to do. They don't need the internet or the outside world to connect to the remote controller and the aircraft. I guess the most applicable term is an intranet. So, if he and a hacker are in the same area of wilderness then the hacker simply connects to the WiFi hotspot created by the remote controller

Edit: For those who want to know one big thing they can do to secure their P3 remote, the same paper I cited earlier recommends changing the WiFi password (this is the WiFi network created by the P3's remote). This mitigates trivially connecting to your remote by using the factory default password. Their recommendation is quoted below (there are two other recommendations in the paper but nothing that we as end users can do).

"Many of the attacks described in here are made possible because of an unsecured
WiFi network.  While all drones are secured by WPA-PSK2 WiFi, they all share
the same default password of [...].  DJI allows users to change the WiFi
password, but this setting is hidden in the app.  As such, our main suggestion
is to force people to change their WiFi password on first use.  This will ensure
that drone’s network is protected from automatic tools that scan for SSIDs
"
2018-2-10
Use props
Labroides
Captain
Flight distance : 9991457 ft
Australia
Offline

CraigR Posted at 2018-2-10 04:18
But a "hacker" can connect to that WiFi hotspot (the remote) and it's very easy to do. They don't need the internet or the outside world to connect to the remote controller and the aircraft. I guess the most applicable term is an intranet. So, if he and a hacker are in the same area of wilderness then the hacker simply connects to the WiFi hotspot created by the remote controller

Edit: For those who want to know one big thing they can do to secure their P3 remote, the same paper I cited earlier recommends changing the WiFi password (this is the WiFi network created by the P3's remote). This mitigates trivially connecting to your remote by using the factory default password. Their recommendation is quoted below (there are two other recommendations in the paper but nothing that we as end users can do).

Fascinating
But I was responding to posts #9 & #11 which were not at all related to the hypothetical hijacking of Phantoms.
Still if Sasquatch is out there and tooled up to hack Phantoms, perhaps .......
2018-2-10
Use props
RedHotPoker
Captain
Flight distance : 165105 ft
Canada
Offline

Hazy Jay Posted at 2018-2-10 03:23
In one type of Skyjack attack a Parrot AR is used as the 'mother' craft, sending out the hijack.

I've not posted links to demonstrations for obvious reasons but if you google 'skyjack drone' you'll find more than one way of doing it

You can have my Parrot AR-Drone 2.0 if you want to experiment. ;-)


Make a video, and post it for us to admire.... Ha


RedHotPoker

2018-2-10
Use props
Hazy Jay
lvl.3
United Kingdom
Offline

RedHotPoker Posted at 2018-2-10 12:06
You can have my Parrot AR-Drone 2.0 if you want to experiment. ;-)

I'll take you up on that as it goes. I can try this against my own p4p and play about and film each session
2018-2-10
Use props
Aardvark
Captain
Flight distance : 384432 ft
  • >>>
United Kingdom
Offline

CraigR Posted at 2018-2-10 04:18
But a "hacker" can connect to that WiFi hotspot (the remote) and it's very easy to do. They don't need the internet or the outside world to connect to the remote controller and the aircraft. I guess the most applicable term is an intranet. So, if he and a hacker are in the same area of wilderness then the hacker simply connects to the WiFi hotspot created by the remote controller

Edit: For those who want to know one big thing they can do to secure their P3 remote, the same paper I cited earlier recommends changing the WiFi password (this is the WiFi network created by the P3's remote). This mitigates trivially connecting to your remote by using the factory default password. Their recommendation is quoted below (there are two other recommendations in the paper but nothing that we as end users can do).

You keep referring to the P3 remote hotspot, is that the P3 Standard which does operate to standard wifi protocols ? In which case it may be easy to hack as you say. Yes you could change that password (I believe).
But the rest of the P3 series and P4s use a protocol called 'lightbridge', as such it wouldn't be susceptible to the usual 'wifi' snooping tools etc.
2018-2-10
Use props
RedHotPoker
Captain
Flight distance : 165105 ft
Canada
Offline

Hazy Jay Posted at 2018-2-10 12:37
I'll take you up on that as it goes. I can try this against my own p4p and play about and film each session

I'm keen to know how one would fly both at once, with the iPad running the Go app?

How would the AR-Drone be flown, from the device screen?


RedHotPoker
2018-2-10
Use props
Hazy Jay
lvl.3
United Kingdom
Offline

RedHotPoker Posted at 2018-2-10 13:21
I'm keen to know how one would fly both at once, with the iPad running the Go app?

How would the AR-Drone be flown, from the device screen?

Ha ha

Either myself or my cybersecurity friend will fly the P4P, and vice versa the hijacking drone. This topic has opened up a large amount of discussion between us and some others in CS given that even secure wifi AP's are vulnerable to a certain type of wifi attack.
2018-2-10
Use props
Hazy Jay
lvl.3
United Kingdom
Offline

I can't openly disclose the details of how any hack would work for obvious reasons. My interest is sufficiently piqued though, just from a 'can it really be done that easily' point of view
2018-2-10
Use props
Geebax
Captain
Australia
Offline

CraigR Posted at 2018-2-10 04:18
But a "hacker" can connect to that WiFi hotspot (the remote) and it's very easy to do. They don't need the internet or the outside world to connect to the remote controller and the aircraft. I guess the most applicable term is an intranet. So, if he and a hacker are in the same area of wilderness then the hacker simply connects to the WiFi hotspot created by the remote controller

Edit: For those who want to know one big thing they can do to secure their P3 remote, the same paper I cited earlier recommends changing the WiFi password (this is the WiFi network created by the P3's remote). This mitigates trivially connecting to your remote by using the factory default password. Their recommendation is quoted below (there are two other recommendations in the paper but nothing that we as end users can do).

'But a "hacker" can connect to that WiFi hotspot (the remote) and it's very easy to do. They don't need the internet or the outside world to connect to the remote controller and the aircraft. I guess the most applicable term is an intranet. So, if he and a hacker are in the same area of wilderness then the hacker simply connects to the WiFi hotspot created by the remote controller'

Only the controller for the older P3 models, not even the P3P or P3A, use WiFi.
The OP specifically asked about the P4 in his opening post. The P4 does not use WiFi of any sort. Refer to my post #8.


2018-2-10
Use props
RedHotPoker
Captain
Flight distance : 165105 ft
Canada
Offline

Hazy Jay Posted at 2018-2-10 13:37
Ha ha

Either myself or my cybersecurity friend will fly the P4P, and vice versa the hijacking drone. This topic has opened up a large amount of discussion between us and some others in CS given that even secure wifi AP's are vulnerable to a certain type of wifi attack.

Cyber-security eh? Haha

They must be a friend, to offer up their time and piloting skill for a pointless maneuver.


It would be interesting to fly a Phantom 3 Standard, near an AR-Drone 2.0 both using their own generated wifi network.

Any other pairing options would be fruitless.


RedHotPoker
2018-2-10
Use props
RedHotPoker
Captain
Flight distance : 165105 ft
Canada
Offline

Here are a few novel ways to bring a drone down.;-)

https://www.wired.com/video/the-best-anti-drone-weapons-from-shotguns-to-superdrones



RedHotPoker
2018-2-10
Use props
fansb1fe1104
Captain
Flight distance : 3372566 ft
United States
Offline

Aardvark Posted at 2018-2-10 13:18
You keep referring to the P3 remote hotspot, is that the P3 Standard which does operate to standard wifi protocols ? In which case it may be easy to hack as you say. Yes you could change that password (I believe).
But the rest of the P3 series and P4s use a protocol called 'lightbridge', as such it wouldn't be susceptible to the usual 'wifi' snooping tools etc.

It seems that now that they have done away with the P3P and P3A, DJI has now upgraded the P3 Standard to Lightbridge. At least that what it seems, DJI store says "This Phantom’s newly enhanced Wi-Fi video transmission

system allows you to fly farther while maintaining a crystal

clear live camera view. The Phantom 3 SE offers reliable

control and image transmission from up to 4 km away, so

all you have to focus on is getting the best shots possible.*

Although it says newly advanced wifi ,I'm not aware of any wifi that has a 4km range, so I assume its Lightbridge. Perhaps though DJI has customized wifi somehow to get it to transmit that far?
2018-2-10
Use props
12Next >
Advanced
You need to log in before you can reply Login | Register now

Credit Rules