Research project conducted on the open source drone model name: Bebop 2
- Python 2.7-3.xx
- Wireshark
- Linux OS
- Bebop Drone 2
Linux Controller
- ARSDK3
- netifaces
- zeroconf
- tkinter
- libARNetwork
- libARCommands
Attacks
- Kali linux
- Aircrack-ng suite
- Wirless adapter (2.4/5 GHZ)
- Python scapy
Mitigations
- Macspoof
- FTP port open
- Telnet port open
- ARSDK protocol based on UDP (no sequence check)
- Use of ARP
- No password required by default
- ARP MITM attack
- Packet injection
- The drone only accepted ONE controller/ IOS/Android app controller at a time
- Sending low level forged packets will disturb drone activity if those packets don't have a method of authentication
- Captured takeoff, landing, emergency packets between drone and controller
- Inspected and disected packet payload
- From Developer pdf Page 12 --> show casing payload payload frame Datatype/Target Buffer ID/Sequence number/Total fram size/Actual data Actual data --> contains the actuall command weather it's takeoff,land,emergency land Page 13 --> specified that "The ARNetwork library will ignore out of order and duplicate data, but will still send Acks for them if requested. If the back-gap in sequence number is too high"he frame is not considered out of order, and instead is accepted as the new reference sequence number.I utilized this to forge a packet starting with a large seq and num and disturb connection between victim user and drone
- Deauth frames flood attack
- Utilizing aircrak-ng tool, send de-authenticaion to kick victim off network
- Channel hopping
- MAC address spoofing
- Use strong passwords
- close FTP port
- close telnet port --> If needed, use SSh