Security researchers are tailoring a Metasploit-like framework for drone hackers.
The developers of the tool, Alexandre D’Hondt and Yannick Pasquazzo, disclosed the progress of the framework DroneSploit at the Blackhat European Conference Blackhat arsenal held in London on December 5.
From the PPT point of view, they are all for drones that use Wifi to connect, such as mobile phone hotspots.
This includes a set of modules (based on Aircrack-NG) that allow users to hack into misconfigured drones.
As shown below
DroneSploit currently supports modules for C-me and Fitt UAV (Hobbico). New modules of other brands and models (including Parrot and DJI) are under development and will be added soon.
And their ultimate goal is to collect as many attack modules as possible on as many drone models as possible.
You know, creating the bottom layer of a toolkit in Python for designing a framework like Metasploit is undoubtedly the most laborious work in this project, but it eventually led to the development of Sploitkit.
So they are based on Sploitkit, which is the python version of Metasploit
The researchers said that with this package, it is easy to build new commands and modules for DroneSploit based on community analysis and the drones that researchers have obtained for testing.
The two developers hope to encourage other experts interested in programming and drone hacking to contribute to the further development of the project. They believe that the IoT security research community is in great need of these.
The two most popular drone brands on the market, DJI and Parrot, although there are many open source hacking projects, it still lacks a platform for collecting and automating processes, which is why they developed this platform.
The two researchers are also willing to cooperate with drone manufacturers in the ongoing development of the project.
“Unfortunately, the drones we were able to perform penetration testing at the beginning of the project were Flitt and C-me, both of which were manufactured by Hobicco, which went bankrupt last year,” Pasquazzo said.
“There is very little information about these models on the Internet, so we redesigned the product from scratch to discover our vulnerabilities, so we could not contact Hobicco to propose any security patches.”
He added that they bought Tello produced by DJI, which has a larger community and some exploitable vulnerabilities.