Drone related applications have sprung up in the recent years, and the drone security has also became a hot topic in the security industry. This talk will introduce some general security issues of the drones, including vulnerabilities existing in the radio signals, WiFi, Chipset, FPV system, GPS, App, and SDK. The most famous and popular drone product will be used to demonstrate the security vulnerabilities of each aspects, and recommendation of enforcements. The talk will also demo how to take control of the drone through the vulnerabilities.
The topic of hacking by faking the GPS signals has been shared before in Black Hat and DEF CON in the past, this talk will extend this topic to the drone security. we will demo the real-time hijacking program that we created for various drone, this program can take full control of the Drone’s maneuver by simply keyboard input. In addition, we will also introduce how to detect the fake GPS signals.
An open source tool supporting u-box GPS modules and SDR to detect fake GPS signals will be shared and published in the GitHub.
Aaron Luo is the cyber threat expert from Trend Micro Core Technology Group. Prior to joining Trend Micro, Aaron worked as a security consultant in the government cybercrime investigation department focusing on malware analysis, network forensics and protocol analysis. He has started his security research since 2005 and is active in the information security communities in Taiwan. He was the founder of PHATE hacker group, and a core member of ZUSO Security. Now he is a member of CHROOT/HITCON security research group and is interested in reverse engineering, developing security attack/defense tools (such as Firewall, HIPS system, protocol analysis, RAT, shellcode, vulnerability scanner), network forensics, RF, IoT, and penetration testing. Aaron has several research papers published in HITCON and SYSCAN360 such as "The Concept of Game Hacking & Bypassing Game Protection (Hackshield)" in HITCON (Hacks in Taiwan Conference) 2009 when he was just eighteen years old. Until today, he is still the youngest speaker ever in HITCON, and "Smashing iOS Apps For Fun And Profit" was also published in the 1st SYSCAN360 (2012).