DEF CON 23 – Robinson and Mitchell – Knocking my neighbors kids cruddy drone offline

My neighbor’s kid is constantly flying his quad copter outside my windows. I see the copter has a camera and I know the little sexed crazed monster has been snooping around the neighborhood. With all of the hype around geo-fencing and drones, this got me to wondering: Would it be possible to force a commercial quad copter to land by sending a low-level pulse directly to it along the frequencies used by GPS? Of course, radio signal jamming is illegal in the U.S and, frankly, it would disrupt my electronics, too. In this presentation, we’ll look at some of the research and issues we encountered, when we attempted to force land two commercial drones (the new DJI Phantom 3 and the Parrot Bepop Drone) by sending GPS signals directly at the drones (while staying under the threshold for jamming and not disrupting anyone else).

Speaker Bio:
Michael Robinson has over 15 years of computer security experience and is currently a computer and mobile device forensic examiner in the Washington, DC area, where he deals with intrusion analysis, incident response, and criminal cases. For over four years he ran IT and IA operations for a Department of Defense agency. He has conducted research on security of mobile devices and is starting to play around in the drone space. He teaches computer forensics at the graduate level at Stevenson University in Maryland.

38 Replies to “DEF CON 23 – Robinson and Mitchell – Knocking my neighbors kids cruddy drone offline”

  1. Mike Cottingham

    This guy didn't exploit a damn thing. He ran an nmap (basic port scanning tool) on a device which showed that the device had the telnet service running. Using telnet, you gain remote shell access to the device. Turns out this device did not have authentication configured. End of story. Sorry guys, but this dude isn't some crazy drone hacker, he showed us at the end when he deferred the answer to all questions or replied with "I didn't try that". This issue can be resolved by either enabling the basic auth for telnet, or enabling SSH on the device.


    so, it's good that these store bought units have so many vulnerabilities. If anyone is annoyed enough to take them, out who cares anyway?
    And it's good that it's illegal to disrupt aircraft of any sort, to protect those with more legitimate uses. the biggest threat that could use them is always going to be the government, so good that there are so many regulations that prohibit them from using them for many purposes.

  3. david bilia

    I can fly my phantom 3 pro without updating the batteries controller aircraft camera or app I get the warnings to update all of those things but I have always been able to take off and fly perfectly no problems. I can also fly and take off without calibration of the I'm or compass.

  4. Linktw0

    36:40 That guy makes a good point. I'm not at all interested in flying dji's or parrots but i think that the hobby community (racing, freestyle, actionsport..) is currently not at all represented at the table.

    just fyi:
    The older guy from the Australian Hobbyking reviews has done a full coverage vid about this problem and how it (like always) starts out as American internal affair (law, regulation, jurisdiction, enforcement, etc > at extreme )

    But then it will (as always) suddenly get a bunch of grey mustaches at the table each ensuring that trey're calling the shots

    Great talk from this speaker. loved how the whole narrative strings it

Leave a Reply

Your email address will not be published. Required fields are marked *