Metasploit for drones? Best of luck with that, muses veteran tinkerer
Been down this path and it ain't that easy, says man who knows
Black Hat Europe A veteran drone hacker reckons the recent release of the Dronesploit framework won't go down quite as its inventors hope.
Alexandre D'Hondt and Yannick Pasquazzo gave a quick talk about Dronesploit during Black Hat Europe, held in London last week.
The duo aim to produce a Metasploit-style CLI framework tailored for tinkering with everybody's favourite unmanned flying objects. At the moment, they say their framework is able to sniff comms for "Wi-Fi controlled light commercial drones", with plans to include radio-controlled drones and eventually "more complex" craft.
Although their presentation included a DJI-branded Tello drone, these are actually white-label products made by Chinese startup Ryze Robotics with a dollop of DJI branding, as the larger company's online store makes clear.
During their Black Hat presentation, the Dronesploit devs gave a live demonstration of sniffing and deauthenticating WPA2-PSK credentials protecting the command-'n'-control stream for a couple of quadcopters. These were of a type originally marketed by US-based Hobbico, which entered bankruptcy and was liquidated in 2018 – meaning there's no obvious point of contact for reporting discovered vulnerabilities.
Most meaningfully, this means they don't have any immediately actionable exploits for drones made by DJI, which will be what the market wants given DJI's near-total dominance of the worldwide small drone market.
Veteran drone hacker Kevin Finisterre, having taken a poke around the Dronesploit GitHub, told The Register: "If it were me, I'd demo my hot sauce, not my weak sauce. They don't appear to have any actual head busters writing exploits."
"This is a wonderful concept as a whole but it needs talent to support it being effective. Not saying these folks lack talent, but they need quite a bit of man muscle to make this viable."
Finisterre added that in his own drone-hacking research, including efforts to build a community around drone hacking, he had seen that it is "difficult to harness the drone community for free/open-source work" and said he'd be surprised if anyone were to donate "any valuable drone exploits that can be monetised".
Clearly it's early days for the Dronesploit devs.
Drone hacking focused on DJI products has a bit of a history. The company uses GitHub and fell foul of the classic "oops that shouldn't be on there" mistake that we've seen plenty of times before. It also rolled out a bug bounty programme in 2017, following numerous public vuln disclosures.
While the academic interest in drone hacking is high, the real-world consequences of drone misuse are becoming increasingly hard to ignore. ®