paparazzi-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Paparazzi-devel] Securing the Paparazzi drone

From: David Conger
Subject: [Paparazzi-devel] Securing the Paparazzi drone
Date: Mon, 24 Aug 2015 16:08:40 -0400 
I have mentioned security in the past. I remember making an ARDrone
fall from the sky in a part in Toulouse from my iPhone as a
demonstration these drones are too insecure...sorry guys for that I
made sure it was only a few feet from the grass before pressing enter
:]
Three years later at BlackHat a much more public demonstration of the
same got a lot of attention. I was surprised this gaping security hole
still exists. Open root access to a flying robot???
I propose a simple fix I do all the time to any Linux system I work with:
1. exchange ssh keys
2. disable password login completely for every account
3. disable root login, do not use root at all (sudo) and monitor root
access of any kind
Has anyone considered simply exchanging id_rsa.pub files, disable
password login, the simple things are often the best. For any server I
manage there are no password logins or root logins allowed ever. They
key can be generated somewhere else and if the right files are
exchanged it works fine. cfengine can easily mass setup systems (read
drones at the factory) with security in place before shipping to
eliminate sending them out all open to the world for root. So easy to
do pls consider it vendors.
Paparazzi is not nearly as insecure from ENAC. Smart minds enabled a
HASH "key" exchanged at compile so the drone refuses messages without
the proper key. Now however we are running Paparazzi on less secure
platforms so it is time to address security again.

As Parrot uses Linux and it should be trivial to implement ssh key
exchanges at the factory using automation (cfengine is nice). I have
setup cfengine scripts to build entire Oracle RAC clusters from bare
metal so I know what goes on the ARDrone is easily doable this way.

Initial drone security (also Skycontroller) would be the 3 steps
given. Now with keys in place your programmers on the ground can
interact with the drone without sending any passwords over the air and
with sudo all steps required can be done, safely.

Is there anyone with questions? If so just ask I'm glad to help. I
have already seen one video where someone uses aircrack-ng to send a
WiFi deauth packet then connects and takes over control of the drone
using automated scripts from a flying Raspberry Pi with Wifi. Trivial
to do really but sadly it's so trivial to do. Let's fix this together!

-David
reply via email to
[Prev in Thread] Current Thread [Next in Thread]