Hijacking Quadcopters with a MAVLink Exploit

Not many people would like a quadcopter with an HD camera hovering above their property, and until now there has been no technical way to tell drone pilots to buzz off. That would require actually talking to a person. Horrors. Why be reasonable when you can use a Raspberry Pi to hijack a drone? It’s the only reasonable thing to do, really.

The folks at shellIntel have been messing around with quads for a while, and have recently stumbled upon a vulnerability in the Pixhawk flight controller and every other quadcopter that uses the MAVLink protocol. This includes the Parrot AR.drone, ArduPilot, PX4FMU, pxIMU, SmartAP, MatrixPilot, Armazila 10dM3UOP88, Hexo+, TauLabs and AutoQuad. Right now, the only requirement to make a drone fall out of the sky is a simple radio module and a computer. A Raspberry Pi was used in shellIntel’s demo.

The exploit is a consequence of MAVLink including, in each radio frame, the channel or NetID used to send commands from the transmitter to the quadcopter. This NetID number is used so multiple transmitters don’t interfere with each other; if two transmitters use the same NetID, there will be a conflict and two very confused pilots. Unfortunately, this also means anyone with a MAVLink radio using the same NetID can disarm a quadcopter remotely, and anyone with a MAVLink radio can tell a quad to turn off, or even emulate the DJI Phantom’s ‘Return to China’ function.

The only required hardware for this exploit is a $100 radio and three lines of code. It is certainly possible to build a Raspberry Pi-based box that would shut down any Pixhawk-equipped quadcopter within radio range, although the folks at shellIntel didn’t go that far just yet. Now it’s just a proof of concept to demonstrate that there’s always a technical solution to your privacy concerns. Video below.


Panopticlick: You Are A Beautiful And Unique Snowflake

We all like to think we’re unique, but when it comes to remaining anonymous online that’s probably not such a good idea. By now, it’s common knowledge that advertising firms, three-letter agencies, and who-knows-who-else want to know what websites you’re visiting and how often. Persistent tracking cookies, third-party cookies, and “like” buttons keep tabs on you at all times.

For whatever reason, you might want to browse anonymously and try to plug some of the obvious sources of identity leakage. The EFF and their Panopticlick project have bad news for you.

The idea behind Panopticlick is simple: to try to figure out how identifiable you are even if you’re not accepting cookies, or if you’ve disabled Flash, or if you’re using “secure” browsers. To create a fingerprint of your browser, Panopticlick takes all the other little bits of identifying information that your browser gives up, and tries to piece them together.

For a full treatment of the project, see this paper (PDF). The takeaway from the project is that the information your browser gives up to servers can, without any cookies, specifically identify you.

For instance, a server can query which plugins your browser supports, and if you’ve installed anything a tiny bit out of the ordinary, you’re fingerprinted. Your browser’s User Agent strings are often over-specific and tell which browser sub-sub-sub version you’re running on which OS platform. If you’re running Flash, it can report back which fonts you’ve got installed on your system. Any of these can easily be as rare as one-in-a-million. Combining them together (unless they’re all highly correlated) can fingerprint you uniquely.

You can’t necessarily win. If you disable Flash, the remote site doesn’t get your font list, but since only one in five browsers runs with Flash disabled, you’re still giving up two bits of information. If you run a “privacy-enhancing” niche browser, your chances of leaving a unique fingerprint go through the roof unless you’re also forging the User Agent strings.
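The “bits of information” arithmetic and the correlation caveat above can be made concrete. The following is an added example, not code from Panopticlick or the EFF paper; the visit table, field names and function names are constructed for illustration, and only the one-in-24 figure in the last function's docstring comes from this article.

```python
import math
from collections import Counter

# Constructed sample population: one (user_agent, flash_fonts, screen) tuple
# per visit. These are illustrative values, not measurements.
VISITS = (
    [("Firefox/Linux", "blocked", "1920x1080")] * 40
    + [("Firefox/Linux", "blocked", "1280x1024")] * 2
    + [("Chrome/Windows", "fontset-A", "1920x1080")] * 120
    + [("Chrome/Windows", "fontset-B", "1920x1080")] * 30
    + [("Chrome/Windows", "blocked", "1366x768")] * 7
    + [("dwb/Linux", "blocked", "1280x1024")] * 1
)
FIELDS = ("user_agent", "flash_fonts", "screen")


def surprisal_bits(count, total):
    """Self-information, in bits, of a value seen `count` times in `total`."""
    return -math.log2(count / total)


def analyse(visits, target):
    """Compare per-field bits with the bits the whole fingerprint reveals."""
    total = len(visits)
    per_field = {}
    for i, name in enumerate(FIELDS):
        counts = Counter(v[i] for v in visits)
        per_field[name] = surprisal_bits(counts[target[i]], total)
    anonymity_set = Counter(visits)[target]  # visits sharing the exact tuple
    return {
        "per_field": per_field,
        # Adding per-field bits is only valid if the fields are independent.
        "naive_sum": sum(per_field.values()),
        # The joint figure accounts for correlation between fields.
        "joint": surprisal_bits(anonymity_set, total),
        "anonymity_set": anonymity_set,
    }


def bits_from_one_in(n):
    """Bits revealed by a trait shared by one visitor in n (e.g. n=24)."""
    return math.log2(n)


if __name__ == "__main__":
    for fp in (("dwb/Linux", "blocked", "1280x1024"),
               ("Firefox/Linux", "blocked", "1920x1080")):
        print(fp, analyse(VISITS, fp))
```

In this sample the rare-browser visitor is unique on the User Agent alone, so the other fields add nothing and the naive sum overstates the joint figure; blocking Flash still costs exactly two bits because a quarter of the sample does it.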

I ran the Panopticlick experiment twice, once with a Firefox browser and once with an obscure browser that I actually use most of the time (dwb). Firefox runs a Flash blocker standard, so they didn’t get my font list. But still, the combination of browser plugins and a relatively new Firefox on Linux alone made me unique.

It was even worse for the obscure browser test. Only one in 1.4 million hits use dwb, so that alone was bad news. I also use a 4:3 aspect-ratio monitor, with 1280×1024 pixels at 24-bit color depth, which is apparently a one-in-twenty-four occurrence. Who knew?

Finally, I tried out the Tor browser, which not only routes your traffic through the Tor network, but also removes a lot of the specific data about your session. It fared much better, making me not uniquely identifiable: instead only one in a thousand. (Apparently a lot of people trying out the Panopticlick site ran Tor browser.)

If you’re interested in online anonymity, using something like Tor to obscure your IP address and disabling cookies is a good start. But Panopticlick points out that it may not be enough. You can never use too many layers of tinfoil when making your hat.

Try it out, and let us know in the comments how you fare.

Who’s Watching the Kids?

It wasn’t long ago that we saw the Echo bloom into existence as a standalone product from its conceptual roots as a smartphone utility. These little black columns have hardly collected their first film of dust on our coffee tables and we’re already seeing similar technology debut on the toy market, which causes me to raise an eyebrow.

There seems to be some appeal towards making toys smarter, with the intent being that they may help a child learn while they play. Fair enough. It was recently announced that a WiFi-enabled “Hello Barbie” doll will be released sometime this Fall. This new doll will not only be capable of responding to a child’s statements and questions by accessing the Internet at large, it will also log the likes and dislikes of its new BFF on a cloud database so that it can reference the information for later conversations. Neat, right? Because it’s totally safe to trust the Internet with information innocently surrendered by your child.

Similarly, there is a Kickstarter going on right now for a re-skinned box-o-internet for kids in the shape of a dinosaur. The “GreenDino” is the first in a new line called CogniToys, from a company touted by IBM which has its supercomputer, Watson, working as a backbone to answer all of the questions a child might ask. In addition to acting as an informational steward, the GreenDino will also toss out questions, and upon receiving a correct answer, respond with praise.

Advancements in technology are stellar. Though I can see where a child version of myself would love having an infinitely smart robot dinosaur to bombard with questions, in the case of WiFi and cloud connectivity, the novelty doesn’t outweigh the potential hazards the technology is vulnerable to. Like what, you ask?

Whether on Facebook or some other platform, adults accept the unknown risks involved when we put personal information out on the Internet. Say for instance I allow some mega-corporation to store on their cloud that my favorite color is yellow. By doing so, I accept the potential outcome that I will be thrown into a demographic and advertised to… or in ten years be dragged to an internment camp by a corrupt yellow-hating government who subpoenaed information about me from the corporation I consensually surrendered it to.

The fact is that I understand those types of risks… no matter how extreme and silly they might seem. The child playing with the Barbie does not.

All worst case scenarios of personal data leakage and misuse aside, what happens when Barbie starts wanting accessories? Or says to their new BFF something like, “Wouldn’t we have so much more fun if I had a hot pink convertible?”

Hackaday Terms of Use (aka: The Lawyers are Coming!)


Hackaday has posted Terms of Use and Privacy Policy documents which you should read. These can also be accessed through the Policies Page which is linked in the footer. We’ve edited this post to take up less room since it will be sticky for a few days. Original text and updates after the jump.


Raspberry Pi Tor proxy lets you take anonymity with you


Your web traffic is being logged at many different levels. There are a few different options to re-implement your privacy (living off the grid excluded), and the Tor network has long been one of the best options. But what about when you’re away from your home setup? Adafruit has your back. They’ve posted a guide which will turn a Raspberry Pi into a portable Tor proxy.

The technique requires an Ethernet connection, but these are usually pretty easy to come by in hotels or relatives’ homes. A bit of work configuring the Linux network components will turn the RPi into a WiFi access point. Connect to it with your laptop or smartphone and you can browse like normal. The RPi will anonymize the IP address for all web traffic.

Leveraging the Tor network for privacy isn’t a new subject for us. We’ve looked at Tor hacks that go all the way back to the beginnings of Hackaday. The subject comes and goes but the hardware for it just keeps getting better!

Making a privacy monitor from an old LCD


[dimovi] had a spare LCD monitor sitting around and thought it would be great to convert it into a “privacy” monitor.

The process is simple enough for anyone comfortable with disassembling electronics. He took apart the monitor’s plastic frame, cutting out the polarized film with a utility knife. Once the film was removed, he spent some time removing the film adhesive from the glass panel using a combination of Oops cleaner and paint thinner.

He reassembled the monitor, which now shines a bright white regardless of what is actually being displayed on the screen. He removed the lenses from a pair of theater 3D glasses, replacing the plastic with the film he removed from the monitor.

Now, [dimovi] is the only one who can see what he is doing on his computer, which is just the way he likes it.

While there’s not a lot of magic going on behind the process, we think it’s a neat way to reuse an old monitor.

iPhone watching every breath you take, every move you make


Most people tend to enjoy a certain modicum of privacy. Aside from the data we all share willingly on the web in the form of forum posts, Twitter activity, etc., people generally like keeping to themselves.

What would you think then, if you found out your iPhone (or any iDevice with 3G) was tracking and logging your every movement?

That’s exactly what two researchers from the UK are claiming. They state that the phone is constantly logging your location using cell towers, placing the information into a timestamped database. That database is not encrypted, and is copied to your computer each time you sync with iTunes. Additionally, the database is copied back to your new phone should you ever replace your handset.

We understand that many iPhone apps use location awareness to enhance the user experience, and law enforcement officials should be able to pull data from your phone if necessary – we’re totally cool with that. However, when everywhere you have been is secretly logged in plaintext without any sort of notification, we get a bit wary. At the very least, Apple should consider encrypting the file.

While this data is not quite as sensitive as say your Social Security number or bank passwords, it is dangerous in the wrong hands just the same. Even a moderately skilled thief, upon finding or swiping an iPhone, could easily dump the contents and have a robust dataset showing where you live and when you leave – all the makings of a perfect home invasion.

Continue reading to see a fairly long video of the two researchers discussing their findings.

[Image courtesy of Engadget]
