Hey, everyone. Thanks very much
for coming. God, this talk was fun to make and I'm glad it
follows up the last one. I have a few -- some of the stuff that
I present is a little different than the stuff that they talked
about, so just to get a few things out of the way, a couple
of shout-outs to some guys who helped me, some of them could be
here, some of them couldn't. There's a few folks who wanted
to be nameless so their names are printed in black.
(Laughter.) So we're going to kick it off. My neighbor and his
kid are just annoying snots, right? Insert your own
four-letter word. And, God. And the problem is way too much
discretionary spending, because all of a sudden one day, this
thing showed up. And the kid is following it around all over the
neighborhood. And you can tell because he's crashing into every
car, every house, every tree, and he's running down the street
with it. And at night it's really obvious what he's doing.
Because it just shows up and it's like really, dude? That's
what the Internet is for. (Laughter.) And my initial
response of all that stuff is, hmm -- (Laughter.) Take that,
you little bastard. (Applause.) But if you were here in the last
presentation, they say shooting down drones is a problem and
that's okay. I don't want someone shooting down mine. But
this got me to thinking. What if the following things were to
show up. Such as maybe this? (Laughter.) Not hard to do. It's
actually made the news. Some guys up in New England started
mounting semiautomatic pistols to their homemade drone.
Interesting. What if this showed up? (Laughter.) I can see the
first shot being fairly accurate. After that, no one's
business. What would happen if this showed up? Yet, not as
cool. So I started looking around the line and it turns out
there are a bazillion regulations and everyone is
trying to regulate unmanned aircraft systems, UASs. And it
turns out most of the regulations that are out there
are not to restrict hobbyists. Most of them are there to
restrict the government's use of quad copters and drones and
there's a lot of attacking going on on the commercial space where
you have to get certain FAA approval to fly. It turns out I
was flying my DJI Phantom 3 while testing for this
presentation over a parking lot and I was watching it and a guy
came up right behind me and he goes hi, I'm actually from DHS's
enforcement division for drones in the DC area and I'm like,
yeah. He goes do you know what the rules are? Yeah. He goes,
are you doing this for commercial use. I said no. He
goes okay, see ya. (Laughter.) And I followed him and I
wouldn't let him be, I'm like hey, I've got questions. He's
like dude I've got so many problems about guys flying those
things around. He said a guy flew his quad copter over
Nationals stadium and lost it. And I said, well how did you
ever find the guy? And he said, easy. Most of the guys who lose
these things, you see them running over the hill with their
controller, have you seen my drone? Right? (Laughter.) And
I'm like really? He goes, yeah. At which point we were waiting
for him and we scooped him up. But it turns out that
noncommercial use, hobbyist use of drones is largely not
regulated. There are a few things that are out there,
right, there are no-fly zones around Washington, D.C. and it
centers around the White House and it goes out 15 miles.
There's actually supposed to be a no-fly zone of five miles
around the airports unless you get permission. Apparently the
ceiling is supposed to be graduated as you get closer the
ceiling goes down but FAA tries in some of their literature just
say five miles, that's it. It turns out you're not allowed to
fly on military bases. That's considered bad. This came up in
the last presentation. You are not allowed to launch or land
from a national park. However, you are allowed to fly in their
air space. It is not theirs to regulate. However, they can cite
you for reckless endangerment if it potentially could crash on
someone. And they get people on that and they confiscate the
drone there. There was a guy out over the Grand Canyon filming
some sunset, people complained. The guy in the Smokey the Bear
hat showed up and took the guy away with his drone. There are
temporary flight restrictions that are issued for disaster
areas, wildfires, stadiums, large assemblies and whenever
there's going to be a presidential visit and they do
it several hours before and during the visit. You are not
allowed to mount a gun on a UAS because technically it becomes a
weapon system. There is a 400 foot ceiling. Amazon is
petitioning to try to get 700 feet for themselves to deliver
packages and they want a ban of 100 feet from everyone. You have
to also fly it in line of sight and I have counted 16 states who
have enacted their own laws. Technically the guys I spoke to
who do enforcement, a lot of that air space is not theirs to
restrict. The five-mile area around airports essentially
knocks out almost all of New York City, with the exception of
a few parks, you're not allowed to fly above the sidewalks in
New York City because of the reckless endangerment and safety
issue. In the hobbyist area, there's a whole bunch of
restrictions that come up. Right? If you don't do it for
commercial use, you're under 55 pounds, you're not interfering
with any manned aircraft, you can be good to go. That's nice
and all, but most people don't know the rules because everyone
and their brother is trying to create them. This is a listing
of all the no-fly zones on the eastern side of the U.S. And
damn, that's a lot of them. If you log into Parrot's website,
this is a listing of all the recordings that got
automatically updated to their website that shows everyone who
is flying on the eastern side of the U.S. Isn't that interesting?
Over 2,000 flights in DC which is technically a no-fly area and
over 2,000 flights in New York City. If you do a quick overlay
of the maps (Laughter.) Yeah, it turns out people are flying in
areas they don't know about. And if they're smart, you know, I
say it's interesting. And that's nice and all that the rules are
all there. But my neighbor's kid is still annoying and I know he
doesn't read and he's not getting the appropriate parental
guidance. So that brings me to the bigger question, is there
any way to take that thing down? Graceful or ungraceful. I
thought there might be a couple of ways. There's a couple, I can
think of a few ways. (Laughter.) But maybe something a little
more subtle would suit our needs. So maybe the next time
he's there, he doesn't capture video, maybe it knocks it down
and it flies away. And if you've ever seen this guy crash, he
actually bounces like that. So let's take a quick look. I'm
going to take a look at two different drones, two of the
more popular ones on the market. One is going to be the Parrot
which has a 1080p lens on the front and the other one is
looking at the new DJI Phantom 3. If we start looking at the
Parrot drone we get a rough listing of the specs. We've got
a quad core, memory, a top horizontal speed of 45 miles an
hour, wow. Linux. But if you look carefully at the specs,
hmm. (Laughter.) The thing is its own flying router with DHCP
enabled. Awesome. (Applause.) There's something else I found
really interesting if you read the specs, it's got a really
interesting GPS chip in there, using American GPS and
Russian-based GPS. So what happens if I muck with that?
There's a couple of other things that kick in. The
FreeFlight 3 app is installed on your Android device
or your iOS device. You can get updates to that. If an update
comes, you don't have to forcibly install that update.
You can ignore it. It doesn't come through the app store. It
is just sitting there and it checks their website so you can
apply the update. A couple of other things that are
interesting. The return to home function. I'm sitting here
thinking if he's flying near me and I want to swat it and get it
away, maybe I can take advantage of the return to home function
and send that thing back to home. The height distance thing
is very interesting. If the thing is flying above 10 meters,
it will fly back to its original return to home point. If it's
flying less than 10 meters, the thing will automatically shoot
up 30 feet, turn, face home and fly home in a straight line. So
if you have a house where you can pick up GPS and say you're
in your living room with a ceiling fan, you may not want to
hit the return to home feature because that gets very ugly
fast. That's how I lost my first drone. (Laughter.) There is
something else I wanted to take a look at, and I see this in
your documentation. If the Bebop drone loses connectivity
with the controller for 30 seconds, this thing is supposed
to fly home. Hmm. That makes me want to say what would happen if
I screw with the wi-fi signal or what happens if I screw with GPS
or what happens if I introduce a magnetic field around the thing.
So let's go through it real quick. This thing actually flies
with its own MAC address, we can actually scan this with a
number of tools. I happen to have a Pineapple router around. I
didn't use Darren Kitchen's infusion which is really cool.
But it's neat. There's an underlying wi-fi connection that
gets established between the two devices and on top of that the
applications talk to one another. So let's introduce
ourselves a little mischief, shall we? What happens if we deauth
our original connection for, say, 30 seconds? It turns out
the return to home function did not work correctly for
me. And I did this like five times. I lost like six
propellers at the time doing this test. Here's what it looks
like when this thing gets deauthed for 30 seconds. It sits there
and flies, it just landed. All of the rotors stopped at the
same time and got straight down. Maybe it got lost and thought
that was going to be home I don't know. But clearly that
didn't work so now I can walk out to my property and pick it
up. You want it kid, come and get it. Maybe there's something
else we can do. I got it. Let's give it a quick scan. And it
turns out when we scan it with Nmap -- (Laughter.) Yup, it's a
flying FTP server just floating around. Oh, that's awesome! I
have ten devices simultaneously connected to this guy all at
once. Only one app was talking but the other nine were sitting
there waiting. We'll get back to that in a second. It turns out
this thing is a flying FTP server and there are two
particular directories I found interesting. One was the media
directory, where the little monster next door was filming
videos. And the other was a thumbnail directory. No
authentication was required to connect over FTP. I think that's
fantastic. So I was sitting there thinking while it was in
flight (Laughter.) Maybe I can grab his pictures and replace
him with something like that. (Cheers and applause. ) That was
a fun day. That was cool. So dude, I'm taking videos you got
of the neighbors because maybe I want to see what they look like.
(Laughter.) But then there's this monstrosity. While the
thing is flying. So I telnet into the box and here is a
listing of the entire structure right there. It's running BusyBox
from like three years ago. This thing I purchased just a
couple of months ago for this presentation and they never
updated BusyBox. There have been ten updates to BusyBox
since this came out but they haven't updated it. But I want
you to look carefully at three things for me. Take a look at
those shell scripts sitting right there. So I took drone
number two, this gets to be a very expensive research project
soon. He was hovering in my kitchen. I telnet directly to
the box and all of a sudden I see that. (Laughter.)
(Applause.) I'm like that's pretty cool. So I wonder what
happens if I type in this and hit enter. I am suddenly greeted
with all of that. I was sitting there working in the kitchen, it
was hovering, and all of a sudden it took out my stove.
(Laughter.) I was thinking the shutdown feature would
gracefully shut down the rotors and down it would go. This
thing, there was no graceful shut down. It literally flew
right by. So if I was one of those cool dudes who got like
carbon fiber blades, this is what it looks like in the park.
Hit the command there, boink, and down it goes. There is no
restart from that. If you go look at some of the software
exploits that are out there, this thing is off. It's done. By
the way, in case you missed it, because it always looks better
in slow motion. If it's running near a wall it gets updraft and
there's no telling where it is going to go. I was going to do
that in here today. I fired this up this morning and six
wonderful conference attendees had connected to my open telnet
connection. (Applause.) I'm not bitter, but you did steal my
thunder. So there's another thought. I mean, shutting that
thing down, great. So I had a coworker who looked at it and
says that's not really epic. You should launch that thing like
400 feet in the air and crash it. And I'm like well give me
your drone. (Laughter.) So why don't we just take the damn
thing, right? Kid, you knocked your ball into my yard, I'm
going to take it. So we actually have two simultaneous
connections to the same drone at the same time. If I am sitting
there and again, remember, I have like ten devices all
connected to it simultaneously. This is what it looks like from
the iPad that is currently controlling the Bebop drone. It
has access, it's hovering at 1 meter. I ran this inside a hotel
lobby, they were not happy. This is what my iPhone sees. Okay.
I'm connected to the network, but my app's not connecting.
This is what we have. Hey, wait a second. Why don't I just send
a quick deauth. The moment that deauth kicks in, the controller
automatically says I'm disconnecting. Right away. He is
automatically having a bad day. So the question I have for you
is, in this race condition, who's going to win? If he is
running an iPad anywhere near indoors, he is going to pick up
his home network or any other network before he picks up his
Bebop drone connector, which I think is great. Which means he
is going to sit there and try and reconnect, even though his
underlying connection is not there and it's going to freeze.
Meanwhile on my iPhone, I've connected. I'm there. And I was
sitting there and I connected. My wi-fi connection was good.
Note the altitude on this. It now thinks it was zero. Thing
was 3 feet in the air so it didn't get an update for that.
Which means I'm off and running and now I'm the guy who is in
charge of that drone and he can't do anything about it. If I
click the button at the top that says emergency, that thing just
falls from the sky and away it goes. Which I think is great.
One of the other things that kicks in with the FreeFlight
app that runs on top of the network connection, again, it's
going to pair to any other network before it comes back to
this particular drone and I think that's fantastic. Now for
those little enthusiasts who have more money, the Bebop
drone comes with an optional Skycontroller that looks like this.
It's supposed to be a range extender. It turns out that that
is its own wireless access point too. And it's wide open. Which
means we can deauth in one of two spots. If we deauth between the
iPad, which is literally just sitting in the cradle, it is not
tethered, it's just sitting there connecting wirelessly. If
I deauth that, and I connect my iPhone or my iPad to it, all of
a sudden I get these little controller icons sitting right
there. Which means I have control of you. If I'm nice I
will temporarily send control back to your controller and I
will steal it away from you and I can go back and forth. Which
means he's going to respond all over the place. Which means he's
mine. I don't have to worry about it. I think coding would
be great, writing an exploit would be great, but the app is
free. It's already been developed and telnet is wide
open. What happens if we start looking at other areas like GPS.
This is interesting because if you pull up the specs there are
several specific frequency ranges used in the U.S. and
several frequency ranges used with the Russian GPS system.
What if we screw with those signals? Now, there's one tiny
little problem with that. It's illegal. Like 18 different ways
of illegal. Like you are currently fined $16,000 for
every day that you do this, up to $112,000. And if you go to
the FCC's website they have a spot where they report people
and a list of all people they send notice to and fined. So
what to do? I talked to the DHS guy. I said hey, I was thinking
about doing research and his flat answer was are you going to
cite my name? I go of course not. He goes they would never
catch you if you do it just once. They can't. Okay. So I
spoke to an attorney, an attorney said yeah, it's still
illegal no matter what. They could still come get you. I'm
like you're no fun. I was speaking to a cop, and he said
you know, if you go back and read the specific intention that
shows up on the FCC's site, they don't want you to put anyone in
danger. You can't disrupt anyone else's signal. If you showed up
here 20 miles away from everything in the woods and you
were being supervised, hypothetically you could test
and no one would know. I'd like to introduce you to my new
friend. Selling and manufacturing and importing and
all that good stuff related to GPS jammers is illegal. This is
a test jammer and hypothetically one could pick this up online
for a very reasonable price of $25. (Laughter.) He is
specifically designed to block these particular frequency
ranges. He also has an effective range of about 20 meters. Which
is kind of creepy. So I go out, hypothetically, with some people
to do a test and I'm sitting there observing. We do the test,
at which point the police officer says I'm going to take
your equipment now. I'm like, really? He goes, yes. There's no
way I can let you walk away with that and it's gone. So it's been
confiscated in history. But if we were to run that type of
generator on the Bebop drone while he was flying, the return
to home feature automatically fails instantly. From the point
of view of the drone it is currently flying, it has GPS and
all of a sudden everything stops. He automatically goes to
hover mode. He doesn't move forward, he doesn't move back.
He just freezes. And if he gets GPS signal again, he doesn't
resume his take-home function, he just stands there. I'm lost,
just looking around. Which I think is an interesting thing.
It doesn't interrupt what the home position is, it just
interrupts the flight home. The same thing if you flew under a
bridge or under some dense trees all of a sudden this thing stops
in place which can be a problem. Introducing a magnetic field
around the device, say magnets from hard drives actually have
no observable effect on the guy which was a little disappointing
for me. If you're thinking about taking over someone's drone, say
at the hotel at 6:00 in the morning you bastard, there's
going to be references on your devices that you've made
connections to the device. Very specifically you want to take a
look at 9 file from your iOS devices and delete that because
that will have the date stamps and time stamps and the serial
numbers of your drone and my phone and you might want to
smudge them out if you can. This thing, I would never fly it
around any of you ever. What if we took a look at something
bigger though. Something bigger than the Bebop drone. Okay,
not that big. Maybe if we took a look at the Phantom 3 that just
came out this past June. What can we do there? If we look
specifically at these specs, this thing is designed to have
certain geofencing in place because of incidents that
occurred earlier this year. It can fly up to several hundred
meters away without an issue. The top horizontal speed is
about 35 miles per hour on that. It uses both GPS systems as
well. In some geofenced areas it will give you a warning that
says you're in a bad spot and others you're supposed to take
it down where it uses an automatic landing sequence. This
thing is very freaky with respect to magnetic fields
though. It requires constant calibration if you're going to
take off anywhere near a magnetic field and I find that
interesting. Electromagnetic field interference, I think
that's pretty cool. DJI Phantom 3 updates, I've heard this from
other presenters and I respectfully disagree. Whenever
an update comes out from DJI for my Phantom 3, I get a warning
message right before I take off and it says sorry dude, you
cannot take off until you apply that update. And I'm like
really? It's like uh-huh. I contacted their tech support on
three different occasions to get three different guys and I said
hey, what's the deal with your updates and they're like sorry
man, that's the way it is. We have an update, you have to
apply it to your device. There's no way around it. What if I want
to roll back. They're like dude you're screwed. I'm like that's
your answer? He goes, pretty much. Insert the micro SD card,
try again. So let's kick it off. What happens if we disrupt the
wi-fi signal going through a Phantom 3? It turns out it
doesn't do anything because it doesn't operate over wi-fi.
Which is kind of cool. But it brings up the other question of
what happens if we start to disrupt the GPS signal. Now if
you look carefully at the GPS app, I'm not talking about
what's installed on the device itself, I'm talking about the
app itself, it turns out there's a little tiny database called
fly safe places. And it's very interesting. As of July 24th,
that database had 10,914 entries. It contained the
latitude and longitude of all of the no-fly places that were
listed in it, contained the country ID, the city, the name
of the location, what type of shape was around it, what the
radius was, whether or not it was going to issue a warning to
the user, whether or not it was going to issue a disable and
there was a time stamp as to whether it was added to their
database. I very easily downloaded this database and
started changing entries which I found to be interesting. So when
the DJI Phantom 3 is flying, you get something that looks like
this in a very nondescript area. At the very top it shows a safe
to fly GPS indicator. No problem. There's a map in the
lower right corner. Hypothetically if someone were
to turn on a GPS test signal generator, all of a sudden
everything goes to this. It automatically loses GPS. If I am
flying the device and I start to look at its own diagnostics, it
comes back and tells me what frequencies it is using to send
video signals back to my iPad. When GPS is disrupted, all of a
sudden things start getting squirrelly. It turns out my
video started to become choppy. It had a lot of latency. It also
turns out when the return to home feature was working, it
lost GPS. The thing was flying home could be right here and
here it comes and here it goes. Hey, there it goes. It missed
its home point completely. Flew by it. If you've flown a DJI
Phantom 3? Aren't they awesome? Lots of finesse to it, right?
All of my finesse was completely gone. It's like I was flying
this thing all over again. So I was sitting there and
controlling it. It turns out it almost hit someone and they got
a little upset. So in slightly windy conditions or if you're
near a building, there's a downdraft and he becomes
unstable and he crashes. So it's a combination of the windy
conditions and where it is flying along with losing GPS if
it started with GPS which I think is an interesting thing.
There's something else I also noticed. What happens if we play
around with the magnetic field around our DJI Phantom 3? It
turns out whenever it launches, if it can't get a good magnetic
compass reading, it's going to say hey dude, I can't fly until
I get calibrated. It says I'm calibrated. You set it back
down. If it loses that magnetic field, guess what happens? Sorry
dude I've got to recalibrate again. You pick it up, you twist
it, roll it and you're good to go. So if you were to take a
couple of hard drives, hypothetically you left them in
the area, this thing is not taking off. It will never get
off the ground which I found to be interesting. It is very
sensitive in that area. A lot of things going on. Deauth on the
Bebop drones and any of the Parrot series, very quickly
disassociates the controller with the device. Yeah, you got
to that bottom line, did you. GPS interference definitely
screws up the return to home function it causes the device to
stop and the other one it misses its home sequence. If you take a
look at the magnetic field you can't launch with the DJI 3 it
has a lot of performance issues. And lastly the physical things
you can throw things just to kind of shoot it down to mess
with people. There are tons of references in this space on
looking up what people are doing, what regulations are
there. They are constantly changing. People are passing
laws, regulations and all sorts of jurisdictions based just on
personal opinion. I just don't want them in my space because it
will annoy my quiet time at the beach. Okay. Well, your
screaming kid annoys me at the beach. I'm not disbanding him
and sending him away so leave my drone alone. So there are all
sorts of rules. You can go through and see which types of
frequencies are allowed in which types of regions and which ones
aren't. So it's going to vary from country to country. It was
a fun research project. I knocked my neighbor's kid and
his drone offline. Thanks. (Applause.) I'm almost afraid to
do this. Do you have any questions? >> I have a question.
>> Yes, sir. You in the front. >> Anybody have any questions?
I'm going to see my friend over there. I'll be right back. >> So
you mention interfering with the GPS signal. How about modifying
or sending it a GPS signal with different coordinates. >>
Theoretically you can do that -- GPS is not encrypted. You can
send a signal provided your signal is stronger than that of
the official signal. You could very easily tell it it's
somewhere else without a problem. No problem. Easy to do
that. >> All right. If you have questions, come up here and
queue up so I don't have to walk my fat ass around the room.
Cool, thanks very much. (Applause.) >> All right. I
think Siemens is in New Jersey or Maryland. >> Where you teach?
>> Maryland. >> I thought it was in New Jersey. Anyway. >> The
university, not the institute. >> Okay, there you go. >>
Anyway, in the New York area in the past couple of weeks there's
been a couple of drones buzzing commercial aircraft coming in
and that's like 4,000 feet. But what happened to the, you know,
the geofencing and the 400 foot ceiling and everything? >> In
DJI Phantom 3 you can actually turn off that ceiling limit and
it will prompt the pilot to say hey the FAA says 400 feet and it
will go yeah whatever. The thing can go up to about 1,500 meters.
There is a video of a guy in Sweden who decided it would be a
great idea to take his Phantom drone, fly it up 1,000 meters
above the clouds, to sit there to get some views, and then all
of a sudden, oh crap, I lost control of it, I can't bring it
down. It will come down eventually and it crashed 500
meters away. He got ridiculed online and he was like I was
good. No, dude you're an idiot. So you can turn off that feature
and you can go into autonomous mode and fly. >> Why is that
possible. >> He wants to know why is that even possible and
the idea is you can very easily turn that off. Theoretically you
could get permission from FAA and the air traffic control
tower to fly in an area provided you registered with them for
commercial reasons so you could have a reason to fly that high
so you could turn it off. It's up to the flyer to take control,
at least right now. Probably not. >> Michael, in your
research you mention that the Phantom 3 controller was not
using wi-fi. Were you ever able to figure out how that
controller worked? >> I was looking -- I know it's doing
communication over some RC channels, traditional RC
channels and I haven't had time to intercept that traffic. >> To
find the Lightbridge. >> Something other than the 2.4 to
2.5 gigahertz range. Typical RC controllers I couldn't get that.
The video comes back. >> Have you played around with the 3DR
Solo at all? >> I have not played around with that yet.
Yet. >> So you mentioned that you were able to pull down the
database and look around inside it for the no-fly zones. Did you
experiment at all with making your house a no-fly zone? >>
Technically there are certain websites where you can register
your property as a no-fly zone. I added a database entry real
quick but I hadn't had a chance to finish everything. I took out
several entries and went back and forth. >> So is there any
authorization required to connect to that and download it
or were you able to openly connect to that and download it
would you be able to do that to your kid's DJI Phantom 3. >> The
DJI 3 Phantom app and the Bebop app are all free for anyone
to download. So you can download it to your device and pop out
the database and start messing with it and look around. >> But
what I'm thinking is your neighbor's drone, can you
connect to that and download the database and send it back to his
drone so he doesn't know why but all of a sudden he can't fly
around your backyard. >> I like your thinking, but the database
is stored on his controller, not on the drone itself. >> So
question about the, I guess the database and the GPS in relation
to the regulatory structure for drones. My understanding is the
FAA has a regulation around no-fly zones that's on the
database and the GPS being accurate. Is there anything that
you know of, either that the FAA is doing to require stronger
authentication or inhibit GPS jamming in that regard? >> No,
I'm not familiar with what FAA is trying to do. >> So the
follow-up is if I go in and I spoof GPS, not turn it off,
would I be able to technically fly the device in a no-fly zone.
>> Technically the Bebop drone I could fly anywhere. The
Phantom 3 drone I could put it in A mode, technically I could
fly that anywhere. Which is kind of crazy. Right? And people are
doing DJI drones wouldn't have any of that stuff and they can
fly their stuff anywhere. So crazy stuff. >> One comment, one
question. I fly model planes, I'm also a hang glider pilot so
very familiar with the FAA and what they like and don't like.
So one comment would be number one it needs an organization
privately for somebody to say hey listen, we don't like the
regulations that you're running so there's the United States
hang glider association, of course the MA is the association
for RC modelers. I would think that's one area we need to go in
if we don't like what everybody else is going to come up and
write for us. I loved the way that was on there. That was
awesome. What I was curious about were you able to turn that
into it while the person was still in control? >> Yes. >> My
next step is why didn't you just go into the kid's app. >> The
app is on his device. >> Were you able to then traverse back
down to him possibly? >> I didn't bother. I just stayed on
the device itself and I knocked it down. While someone else was
flying that drone, I telnetted directly into that drone while
it was running. I had three other devices acquired DHCP
addresses. And then with the telnet connection I just issued
the shutdown script and boom, down he went. >> How about R and
minus R? >> Theoretically I can play in there all day. >> You
said that you were able to disrupt the flight by jamming
the GPS signal -- >> Jamming would be illegal. >> Were you
able to regain control of it just by switching to attitude
mode in that case? >> On the Bebop drone, once a GPS signal
that was being interfered with went away, he eventually
reclaimed his own GPS and the return to home feature worked
again. On the other one, the moment that that signal was
disrupted when it reclaimed GPS and it was much faster then it
was fine and away it goes and finesse came back. The
interesting thing on the Phantom 3 is if you also take a 2-inch
by 2-inch square of aluminum foil and put it directly over
the top, it completely interferes with all of the GPS
signal reception. All of it. Just like that. >> Thanks.
Tucker with Defense One. Thanks for a great presentation. A few
of the issues that you mentioned aren't entirely though many of
them are. Did you approach either manufacturer with any of
these things that you found and follow up to that, if you were
to make a recommendation to policy makers or FAA people
about how to deal with some of these vulnerabilities, what
would that recommendation be? >> My recommendation quickly back
to Parrot would be dude, would you please shut down the
services while the damn thing is in flight. Please. At least for
mine. The other ones, it would be nice if there was some
database that was reliable and I couldn't get to and muck with
and that sort of thing. I don't think they can fix anything
about GPS interference. Fly under a bridge and all of a
sudden you have interference sitting right there. Respect to
policy makers, I would like to see policy makers get informed
before they start making decisions. That's a nice way to
go. (Applause.) >> Did you approach the manufacturers with
any of the vulnerabilities that you found? >> I spoke to several
people who wouldn't speak to me officially from Parrot and
they're like we're designed to be open so people can do
development. Both products came out on the market saying we have
waypoint capability where you can program it for the Phantom 3
and for the Bebop. No, you don't, actually. It turns out
it's not there. They market it that they had it and I'm like
this is going to be awesome. I get it. Wait a second, it's not
there. I can't find it. I go to their forums and people have
been complaining for months that Parrot says we're going to get
to it, we're going to rely on third-party vendors to help us
solve this problem. That's disappointing. The Phantom 2 has
waypoints that you can program, the Phantom 3 does not.
So it would be nice if they got that moving along, which would
be helpful. I haven't talked to anyone at DJI. I did speak to
someone who gave a presentation maybe an hour ago. I said I kind
of disagree with your statement that I don't have to accept to
an update to a DJI Phantom 3 and he goes oh, really? I'll have to
check on that. Bad answer, dude. >> Suppose you got access with
the FTP and then download the images and it turns out he
actually has been taking pictures of your daughter in the
shower where do you go with that? >> Thank God I don't have
a daughter. >> Suppose you did. >> So he's taking a picture of
me. >> I don't care who he takes it. You've downloaded a picture,
it's obviously an inappropriate photograph that he's taken,
invasion of privacy. Do you take that picture to somebody, what
are your options legally? >> What are my options legally? So
one, I'm not an attorney. Legally if someone were to
peeping Tom rules would apply at this point. Certain states are
issuing privacy laws on drones, it depends from jurisdiction to
jurisdiction as to what's happening. So the idea at that
point you go to the police and say hey dude my neighbor took a
picture of me in the shower through his drone and you let
them handle it. >> What do they say to you that you got the
picture or do they care about that? Or they made it open
anyway -- >> I mean this in a very nice respectful way of our
law enforcement brethren. Usually when I tell them
something like that, they never get to that question. They're
off following the kid. They would never come back to me and
say well, how have you gotten that picture. Well, it was right
there and I just took it, here. >> Thanks. >> I notice that a
lot of the new manufacturers have embedded the app in the
controller and they're running on Android. Have you checked any
of that out. Do you have any future plans to see what their
vulnerabilities. >> I would love to play with Android. I was
focusing on the drone itself, not necessarily the controller.
I just happened to peek into my iPad and iPhone to see if it was
there. I think Android is going to be similar. When he's flying
I'm not looking to disrupt his controller, I want to look at
the drone itself. >> Just curious. >> I like the idea and
I haven't gotten to it yet and it's become a very expensive
research project crashing drones. >> I found it quite
interesting with both the Bebop and the DJI you were able to
connect another thing in flight. >> I could not do that to the
DJI Phantom 3. I could do to the Parrot drone. >> That is
actually pretty good. I've noticed that a lot of drones
have had availability of connecting and flying over
security. It's true with the Bebop there and even with some of
the open source stuff if you're not using an AES encrypted
radio. What do you think are the next steps for manufacturers to
take in terms of securing their drones so that they can't be
taken over mid-flight? >> It depends what it's being used
for, right? If you're going to do hobbyist work and you're
flying indoors, I think it would be great if we hung a couple of
nets here and did drone races. That would be fantastic.
Everybody show up with your own drone we'll zip around and see
who takes out the goons. In that situation I'm not really
concerned outside. But I mean you can apply the same logic to
other things in our society, right? Oh, my God, someone has a
gun, he would use the gun to do anything. What are the gun
manufacturers going to do to prevent some guy from using it
irresponsibly. So we have the same sort of thing here. If
we're not careful and if the community doesn't put in the
appropriate self-guidance, right, you know Congress is
going to legislate the hell out of it. If it moves, Congress
will attack it. I think there's a limit as to how far we should
go. Otherwise we'll completely kill the market and it won't be
fun anymore. >> Thank you for the talk. >> You're welcome.
Thanks for coming. >> Thank you. I was wondering. I see that your
presentation was focused on vulnerabilities and
exploitation. As far as the Wi-Fi-based devices, have you
researched anything to do with securing your own personal
drone? >> You know, my first thing to do was to see what I
can do to knock it down. The next thing will be to see what I
can do to shut down particular services while it flies to make
it a little more bulletproof. I just haven't gotten to that yet.
>> To add on to that, would you be interested in finding out by
chance afterwards? >> Sure, man. E-mail address on the end of the
last slide in the presentation. Drop me a line. If you want a
copy of the presentation, drop me a line. >> Cool. Thank you
very much. >> I just have one more question regarding have you
played around at all with ADSV? >> I have not. >> Are you
familiar with that? >> Not so I can speak intelligently on it.
>> Okay. >> What happens if you fly the Phantom through a
magnetic field instead of having one around it so it can't take
off, if it flies through a strong magnetic field, what
happens? >> I haven't tried it yet, but if interference to GPS
is similar to the magnetic field, I imagine it loses a lot
of its finesse. The DJI Phantom 3 has a lot going for it. It is
not a lightweight product. It has a ground sensor, it has a
ground-facing camera, it has a barometer, it's got GPS. So if I
take out just one of them, I assume that whole thing is still
going to be flyable without any issue. Or with minor issues. The
problem is what happens when you get close to another object or a
wall. And you have the extra air and then you lose that
stability. That's when I think you're going to run into
problems. I just haven't found a way to take a magnetic field and
project it to this thing while it's in flight. I'll get to it,
right after I do my DeLorean and get it up to 88 miles per hour,
I'm going to find a way to project a magnetic field to
project it to a spot around his head and take care of that. >> I
would prefer you don't project a magnetic field around my head
but thank you. All right. So if anyone else has any questions,
we will take Michael out into the chaos that is the hallway. I
want to thank you, that was awesome. And on behalf of
speaker operations, I want to present you with that badge.
LOL! No security on the drones and they're floating servers, love it.
Like it's pretty cool that technology is leading kids outside again instead of isolating them in rooms lit by a single screen. Just my opinion.