A Drone Tale

Posted by: voidsec

During the previous months I’ve been a speaker at various international conferences: Hackinbo (Italy, 26-27 May), Sec-T (Stockholm, 13-14 September) and Hacktivity (Budapest, 12-13 October), with a talk named “A Drone Tale: All Your Drones Belongs To Us”.

In the talk I analysed in detail the DJI Phantom 3 model’s architecture and its attack vectors, and reverse-engineered the SDK and the network protocol. I also had a section specifically focused on drone forensics artefact analysis and methodology.

Here you can find and download all the slides and the recorded speech for the various events:

Hackinbo (Italian Only)
PDF | PPSX | SlideShare

Sec-T
PDF | PPSX | SlideShare

Hacktivity (Most Complete Slides & Talk Version)
PDF | PPSX | SlideShare

In 2013, DJI drones quickly gained a reputation as the most stable platform for use in aerial photography and other fields. Since then, drones have expanded their field of application and are actively used across various industries (law enforcement and first responders, utility companies, governments and universities) to perform critical operations on a daily basis. As a result, drone security has also become a hot topic in the industry.

This talk will provide a comprehensive overview of the security model and security issues affecting the underlying technologies, including existing vulnerabilities in the radio signals, Wi-Fi, chipset, FPV system, GPS, app and SDK. As part of the presentation, we will discuss the architecture of one of the most famous and popular consumer drone products: the DJI Phantom 3. This model will be used to demonstrate each of the discovered security vulnerabilities, together with recommendations and mitigations.

A special focus will be on the recent changes and countermeasures DJI has applied to the firmware of its products in order to harden their security, following the recent accusations and the US Army ban. While the topic of hacking drones by faking GPS signals has been presented before at major security conferences, this talk will extend it to include abuse of geo-fencing and no-fly zones.

Outline:

  • Drone Introduction
  • DJI Drone Architecture
  • Radio/Wi-Fi Attacks & Countermeasures
  • DJI GO (Android App) Reverse Engineering & Vulnerabilities
  • Firmware Analysis
  • Password Cracking
  • Shell Time – Root your device
  • SDK Reverse Engineering
  • GPS Spoofing & Countermeasures
  • POC || GTFO (Creating an on-demand No Fly Zone)
  • DJI Forensics Artefacts and Methodologies
  • Lost & Found (Some more items that do not fit any other category)

Takeaways:
Participants will take away the methodology that I have used to dissect, analyse, reverse engineer and root the drone. The methodology and all the tips that I will explain during the presentation will be directly applicable by participants to other IoT devices and products, and to drone forensics artefact analysis.

If you have any questions or advice, contact me :)
