Parrot drone pwned (and possibly killed) with Wi-Fi log-in

If it wasn’t for the Bluetooth link it would be pushing up the daisies


The lack of any security on the Wi-Fi link to the Parrot AR drone means it can be knocked out of the sky by telnetting in and killing the process that keeps it flying.

Ryan Satterfield, who describes himself as an ethical hacker and runs consultancy Planetzuda.com, explains on his YouTube channel that the Parrot drone hack was demonstrated at DEF CON 23.


The AR drone is controlled over Wi-Fi from a smartphone app. A Bluetooth link would have to be paired, so only the user's phone could talk to it; the drone's Wi-Fi network, by contrast, is neither hidden nor password-protected.

The app adds no obfuscation or protection of its own, so the drone flies around with an open connection. The default Telnet port, 23, is left open, and anyone within Wi-Fi range of the AR Drone can log in to its BusyBox-based Linux system. There is no login step at all: the session drops straight into a root shell.

Typing "kill 1" at that shell terminates the process that keeps the drone flying, and it drops out of the sky.
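The exposure described above is easy to check for before you fly, and just as easy to look for on any other gadget that runs its own Wi-Fi network. Here is an added example, not code from the original article or from Parrot: a Python probe that connects to port 23, strips the telnet option negotiation, and classifies what the service says first, so a login prompt is distinguished from a shell that is already sitting at a root prompt. The stand-in server, its BusyBox banner and version string, and the "# means root" heuristic are constructed for the demonstration; no real drone is involved.

```python
"""Probe a host for the AR drone failure mode: telnet on port 23 that drops into a root shell.

Added example. The fake server below stands in for the drone so the probe runs offline;
its BusyBox banner and version string are made up, not Parrot's.
"""
import re
import socket
import threading

IAC, SB, SE = 0xFF, 0xFA, 0xF0          # RFC 854 telnet command bytes


def strip_telnet_iac(data: bytes) -> bytes:
    """Drop telnet option negotiation so only what the shell printed is left."""
    out = bytearray()
    i = 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
            continue
        if i + 1 >= len(data):          # truncated command at end of buffer
            break
        cmd = data[i + 1]
        if cmd == IAC:                  # IAC IAC is an escaped 0xFF data byte
            out.append(IAC)
            i += 2
        elif cmd == SB:                 # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        elif 0xFB <= cmd <= 0xFE:       # WILL / WONT / DO / DONT <option>
            i += 3
        else:                           # two-byte commands (NOP, GA, ...)
            i += 2
    return bytes(out)


LOGIN_RE = re.compile(rb"(login|username|password)\s*:", re.I)
PROMPT_RE = re.compile(rb"(^|\n)[^\n]*[#$]\s*$")   # last line ends in a shell prompt


def classify_telnet_response(data: bytes) -> str:
    """'login prompt', 'root shell', 'unprivileged shell' or 'unknown'."""
    text = strip_telnet_iac(data)
    if LOGIN_RE.search(text):
        return "login prompt"
    if PROMPT_RE.search(text):
        # '#' for root and '$' for everyone else is convention, not a guarantee
        return "root shell" if text.rstrip().endswith(b"#") else "unprivileged shell"
    return "unknown"


def probe_telnet(host: str, port: int = 23, timeout: float = 2.0) -> dict:
    """Connect, read what the service volunteers, classify it. Sends nothing itself."""
    result = {"host": host, "port": port, "open": False, "verdict": "closed", "banner": ""}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            result["open"] = True
            s.settimeout(timeout)
            buf = b""
            while len(buf) < 4096:
                try:
                    chunk = s.recv(1024)
                except socket.timeout:
                    break
                if not chunk:
                    break
                buf += chunk
                if classify_telnet_response(buf) != "unknown":
                    break               # seen enough to decide
            result["banner"] = strip_telnet_iac(buf).decode("latin-1")
            result["verdict"] = classify_telnet_response(buf)
    except OSError:
        pass                            # refused, unreachable or timed out: stays 'closed'
    return result


# Constructed stand-in for the drone: negotiates two options, then goes straight to '# '.
FAKE_BANNER = (bytes([IAC, 0xFD, 0x18, IAC, 0xFD, 0x1F])    # IAC DO TERMINAL-TYPE, IAC DO NAWS
               + b"\r\nBusyBox v1.0.0 built-in shell (ash)\r\n"
               + b"Enter 'help' for a list of built-in commands.\r\n\r\n# ")


def start_fake_drone_shell() -> int:
    """Listen on a random localhost port and serve FAKE_BANNER to each client; returns the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(FAKE_BANNER)
                try:
                    conn.recv(1024)     # hold the session until the client hangs up
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:               # the drone's address once you have joined its Wi-Fi
        print(probe_telnet(sys.argv[1]))
    else:                               # no target given: demonstrate against the stand-in
        print(probe_telnet("127.0.0.1", start_fake_drone_shell()))
```

The probe deliberately sends nothing: a service that volunteers a root prompt before any input is the whole problem, and the check stops reading as soon as it can tell a prompt from a login banner. A "root shell" verdict on a device you own means anyone on the same Wi-Fi network can type the same "kill 1".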

A more sophisticated attack was also demonstrated at DEF CON. Boffin Michael Robinson, of Stevenson University in Maryland and George Mason University in Northern Virginia, showed how the free Parrot app could be used to pwn the Parrot in flight.

Using a Wi-Fi "de-auth" attack, which works because the deauthentication frames on an open network carry no authentication and can be forged by anyone within radio range, they disconnected the legitimate user and took control with their own implementation of the app. That would allow an attacker to steal the drone.
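The de-auth step cannot be fixed on the drone's side without changing the network: 802.11w Protected Management Frames, which authenticate deauthentication frames, need WPA2 or WPA3 encryption, so an open network like the AR drone's cannot use them. What a pilot can do is notice the attack. The following is an added example of the detection side, not anything shown at DEF CON or part of Parrot's software: a Python parser for 802.11 deauthentication and disassociation frames and a sliding-window flood detector run over a constructed capture. The MAC addresses, timestamps and the ten-frames-in-one-second threshold are assumptions made up for the example.

```python
"""Detect 802.11 deauthentication floods, the kind used to kick the pilot off the AR drone.

Added example for the detection side; MAC addresses, timestamps and threshold are made up.
"""
import struct

DEAUTH, DISASSOC = 12, 10               # management-frame subtypes

# A few reason codes from IEEE 802.11 (the field is informational; attackers pick any value)
REASONS = {1: "unspecified", 3: "STA is leaving", 7: "class 3 frame from nonassociated STA"}


def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_mgmt_frame(frame: bytes):
    """Return the fields of a deauth/disassoc frame, or None for any other frame."""
    if len(frame) < 26:                 # 24-byte MAC header + 2-byte reason code
        return None
    fc0 = frame[0]                      # frame control: b2-3 type, b4-7 subtype
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None
    seq_ctl, reason = struct.unpack_from("<HH", frame, 22)
    return {
        "subtype": "deauth" if subtype == DEAUTH else "disassoc",
        "dst": mac(frame[4:10]),        # addr1: the station being thrown off
        "src": mac(frame[10:16]),       # addr2: claims to be the AP, and nothing checks that
        "bssid": mac(frame[16:22]),
        "seq": seq_ctl >> 4,            # upper 12 bits; the low 4 are the fragment number
        "reason": reason,
        "reason_text": REASONS.get(reason, "other"),
    }


def build_deauth(dst: str, src: str, bssid: str, seq: int, reason: int = 7) -> bytes:
    """Assemble a raw deauthentication frame (used here only to build the sample capture)."""
    fc = bytes([DEAUTH << 4, 0x00])     # type 0, subtype 12 -> 0xC0 0x00
    duration = b"\x00\x00"
    addrs = b"".join(bytes.fromhex(a.replace(":", "")) for a in (dst, src, bssid))
    return fc + duration + addrs + struct.pack("<HH", (seq & 0xFFF) << 4, reason)


def detect_deauth_flood(capture, threshold: int = 10, window: float = 1.0):
    """capture: iterable of (timestamp_seconds, raw_frame). One alert per BSSID that emits
    `threshold` deauth/disassoc frames inside any `window` seconds. A single deauth is
    normal housekeeping; a burst aimed at one client is an attack."""
    times_by_bssid = {}
    for ts, frame in capture:
        parsed = parse_mgmt_frame(frame)
        if parsed:
            times_by_bssid.setdefault(parsed["bssid"], []).append(ts)
    alerts = []
    for bssid, times in times_by_bssid.items():
        times.sort()
        for i in range(len(times) - threshold + 1):    # slide a threshold-sized window
            if times[i + threshold - 1] - times[i] <= window:
                alerts.append({"bssid": bssid, "count": len(times), "first_seen": times[i]})
                break
    return alerts


# Constructed sample: locally administered (02:...) addresses, nothing real.
PHONE, DRONE_AP = "02:00:00:11:22:33", "02:00:00:aa:bb:cc"


def build_sample_capture():
    cap = [(0.0, build_deauth(PHONE, DRONE_AP, DRONE_AP, seq=1, reason=3))]   # one legit deauth
    cap.append((0.5, bytes([0x08, 0x01]) + b"\x00" * 30))                     # a data frame, ignored
    for i in range(20):                                                        # forged burst: 20 in 0.2 s
        cap.append((5.0 + i * 0.01, build_deauth(PHONE, DRONE_AP, DRONE_AP, seq=1000 + i, reason=7)))
    return cap


SAMPLE_CAPTURE = build_sample_capture()

if __name__ == "__main__":
    for alert in detect_deauth_flood(SAMPLE_CAPTURE):
        print(f"deauth flood from {alert['bssid']}: {alert['count']} frames, "
              f"first at t={alert['first_seen']:.2f}s")
```

To run this against real traffic, feed it frames from a monitor-mode capture; note that frames read from a pcap normally arrive with a radiotap header in front of the 802.11 header, which has to be stripped before parse_mgmt_frame sees them. The detector keys on the BSSID rather than the source address because the forged frames claim the access point's address anyway; what gives them away is the rate, not the sender.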

The Register has contacted Parrot for comment but no-one was immediately available. ®
