In two separate presentations at Def Con in Las Vegas last weekend, security experts demonstrated vulnerabilities in two consumer drones from Parrot. The simplest of the attacks could make Parrot drones, including the company's Bebop model, fall from the sky with a keystroke.
In a live demonstration at Def Con's Internet of Things Village on August 8, Ryan Satterfield of the security consulting firm Planet Zuda took down a Parrot A.R.Drone by exploiting the drone's built-in Wi-Fi and an open telnet port on the drone's implementation of the BusyBox real-time operating system. Connecting to the drone gave him root access to the controller, and he was able to kill the processes controlling flight—causing the drone to drop to the ground.
In a session at Def Con on August 9, researcher Michael Robinson, a security analyst and adjunct professor at Stevenson University in Maryland and George Mason University in Northern Virginia, dove further into the vulnerabilities of Parrot's drones, discussing his research on the Bebop drone in a session entitled "Knocking My Neighbor's Kid's Cruddy Drone Offline." Robinson noted that because the Parrot's Wi-Fi connection is open, anyone with the free Parrot app on a mobile device could pair with the drone in flight. Using a Wi-Fi "de-auth" attack, he was able to disconnect the control app on the operator's device and take control with the app on another device while the original operator attempted to re-establish a Wi-Fi connection. The new pilot could then simply fly the drone wherever he desired. Robinson warned anyone who planned to take over someone else's Parrot drone that the mobile app left forensic artifacts on mobile devices—including the serial number of the drone.