DroneSploit – A pentesting console framework dedicated to drones

DroneSploit – A pentesting console framework dedicated to drones(github.com)

112 points by Researcherry 4 years ago | 13 comments

Disappointed it is not about pentesting by physically sending drones into data centers through the ventilation pipes.

There are some cases of drone use in pentests that while less exciting than flying in vent pipes I still enjoyed. I had a pentest with a large cargo and shipping facility on the east coast and used off the shelf commodity equipment. We stripped hardware to the bare minimum in size to reduce weight, connected a cellular modem to a raspberry pi powered by battery and landed the drone on top of a building on the yard (that turned out to be a union break facility). The intention was to design it so that we would never recover it(granted it was authorized so we indeed recovered it). It gave us enough time to passively collect the data needed to breach the wifi in the break room / building, which in turn was hard lined into the main network.

All in I think the expenses were around $1200 total for the drone and this was like 8 years ago. Not something most would be willing to waste, but with time and effort you could make something now for probably a third the cost.

We also used a similar setup wired into a Jetski that we left attached to an adjacent dock once too. I can only imagine what others are doing ;D

idiotsecant 4 years ago | | |

Always curious about this - I work in infrastructure that would be a major public safety issue if it was compromised, and our security seems equal parts useless and overly focused on things that don't matter. We did some pentesting at one point and when it was demonstrated that security was demonstrably trivial to breach rather than getting to work fixing things it was hushed up internally and nobody important ever saw it.

Do your customers actually pay you to break security and then act on what is found? Or are most of them paying you to demonstrate that their security is perfect and then quietly burying results if they don't go that way?

R0b0t1 4 years ago | |

Hack a drone to pentest with that same drone. Genius.

ianelbert 4 years ago | |

Me too

kevinsundar 4 years ago |

Just curious, what non toy drones these days use wifi for their control link? I've been in the hobby drone space for 5 years and really have only seen cheap toys drones use wifi (due to limited range).

I know DJI uses some communication method built on top of wifi but is it the type that is susceptible to standard wifi based attacks?

Rebelgecko 4 years ago | |

On older DJI Phantoms, you could connect to the Wifi hotspot and SSH into the drone. Not sure if that's still possible.

khancyr 4 years ago | |

Yep, and not so much recent example : Tello, bebop... Those are quite old and well open to allow external control from custom softwares

jcims 4 years ago | |

Not many, but that's just PHY stuff. The threat model is really the barycenter of these targeted offensive security platforms. Adding support for new protocols is generally trivial if there's an option, and a place to leverage them will tend to incentivize development when there isn't.

dapids 4 years ago | | |

No, adding support for new protocols is far from trivial. There are so many factors that can make this non trivial such as encryption, channel hopping, DSS, hardware required, etc.

lazide 4 years ago | | |

“Just PHY stuff” is a pretty big barrier though isn’t it?