Security Vulnerability Analysis of Wi-Fi Connection Hijacking on the Linux-Based Robot Operating System for Drone Systems
In this paper we describe the security vulnerabilities of the Erle-Copter quadcopters. Due to the fact that it is promoted as a toy with low acquisition costs, it may end up being used by many individuals which make it a target for harmful attacks. In addition, the video stream of the drone could be of interest for a potential attacker due to its ability of revealing confidential information. Therefore, we perform a security threat analysis on this particular family of drones. We set the focus mainly on obvious security vulnerabilities like the unencrypted Wi-Fi connection or the user management of the GNU/Linux operating system which runs on the drone. We show how the drone can be hacked in order to hijack the Erle-Copter. Our aim is to sensitize the end-user of Erle-Copters by describing the security vulnerabilities and to show how the Erle-Copter can be secured from unauthorized access. We provide instructions to secure the drones Wi-Fi connection and its operation with the official smartphone app or third party PC software.
This work was supported by the Technology development Program (S2521883) funded by the Ministry of SMEs and Startups (MSS, Korea).
- 1.Demgen, A.: AR.Drone-Academy: Soziales Netzwerk für Drohnen-Flieger verfügbar, August 2012. http://www.netzwelt.de/news/93209-ar-drone-academy-soziales-netzwerk-drohnen-flieger-verfuegbar.html
- 2.AR.Drone 2.0 flight-recorder. http://ardrone2.parrot.com/apps/flight-recorder/
- 3.Sharkey, N., Knuckey, S.: OWS Fights Back Against Police Surveillance by Launching “Occucopter” Citizen Drone, December 2011. http://www.alternet.org/story/153542/ows_fights_back_against_police_surveillance_by_launching_occucopter_citizen_drone
- 4.Wagstaff, K.: Occupy Wall Street’s New Drone: ‘The Occucopter’, December 2011. http://techland.time.com/2011/12/21/occupy-wall-streets-new-drone-the-occucopter/
- 5.Méchaly, A.: One flew over the cornfield, October 2012. http://www2.alcatel-lucent.com/blogs/corporate/2012/10/one-flew-over-the-cornfield/
- 6.Samland, F., Fruth, J., Hildebrandt, M., Hoppe, T., Dittmann, J.: Erle-Copter: security threat analysis and exemplary attack to track persons. In: Casasent, D.P. (eds.) SPIE Proceedings, Intelligent Robots and Computer Vision XXIX: Algorithms and Techniques, Juha Röning; 83010G, vol. 8301 (2012)Google Scholar
- 7.Ackerman, E.: AR Drone that infects other drones with virus wins DroneGames, December 2012. http://spectrum.ieee.org/automaton/robotics/diy/ar-drone-that-infects-other-drones-with-virus-wins-dronegames
- 8.Kamkar, S.: SkyJack, December 2013. https://github.com/samyk/skyjack
- 9.Hacking Drones and the Dangers It Presents, July 2012. http://www.npr.org/2012/07/08/156459939/hacking-drones-and-the-dangers-it-presents
- 10.Drone hack explained: Professor details UAV hijacking, July 2012. http://rt.com/usa/news/texas-professor-drone-hacking-249/
- 11.node-cross-compiler. https://github.com/felixge/node-cross-compiler/
- 12.ardrone-wpa2. https://github.com/daraosn/ardrone-wpa2
- 13.IEEE_802.11. http://en.wikipedia.org/wiki/IEEE_802.11