CYBER SECURITY

CONFERENCE

June 25th to 29th 2018

Drones the new

weapon of choice

- also for hackers

09:30 - 10:15

By Dominique C. Brack

About me…Info Sec Enthusiast

Cooperative

Drones

Non-

Cooperative

Drones

My frame of mind…I am

playing

defence

To be good at

defence you

need to know

the attack

capabilities as

well.

Business/

Consulting

Perspective

Cyber/

Security

Perspective

Critical

Infrastructure

Perspective

My Goals for this talk

Knowing how to assess

risk and select

appropriate

countermeasures for

your critical

infrastructure. Know the

CBRNNE threats. Identify

areas of weak defence.

Knowing what

implications drones will

have on you. Knowing

the relevant attack

vectors for your context

(Bank, Factory,

Datacenter, City Planer

etc.).

Developing drone

based business/

consulting skills. To

be able to define

drone based

services (audit,

testing, sensors, etc.)

How did the drones topic find me?

Critical infrastructure provider was looking for solutions.

eHealth provider (hospital) asked about risk mangement.

Government asked specifically about drone capabilities.

And maybe

you in the

future

Your worst enemy

handling drone risks

is called

Innovation

Why are drones an Infosec topic?And why this is definitely the right place for it.

Infosec as in

Information

security and not

just IT security.

Drones an Infosec topic

YES!

▪ Drones are the worst

flying IoT device you

can imagine

▪ To successfully working

drone based risks

Cybersecurity must

join Physical Security

"CyPhys" or "Phycy" ?

About DronesUAV'sRPAS

▪ 0-100 Km/h: 3 seconds

▪ Stopping distance: 5m

▪ Max. speed: up to 185 Km/h

▪ Altitude (DJI Phantom4): 3'799Meters

▪ Flight times: up 45 minutes or more

▪ Payload: up to a person

▪ Reach: with 5G or GSM worldwide

▪ Costs 100$ - 20'000$ or more

▪ GPS, GALILEO and GLONASS

2.4 GHz (2400-2483.5 MHz), 5.8 GHz (5725-5875 MHz)

Beyond Visual Line of Sight (BVLOS), Visual Line of Sight

(VLOS), First Person View (FPV),

Some Drone Basics

Regulation

▪ https://www.easa.europa.eu/easa-and-

you/civil-drones-rpas

▪ https://www.geoportail.gouv.fr/donnees/

restrictions-pour-drones-de-loisir

▪ https://www.federation-drone.org/les-

drones-dans-le-secteur-civil/la-

reglementation-francaise/

▪ https://www.les-

drones.com/reglementation/

Regulation never

stopped actual

criminals, terrorists

or ill advised

people. You need to build

you defence capabilities yourself.

Paris Geomap

Drones are a

FUD

topic

Fear

Uncertainty

DoubtCircus

Low maturity topic

Innovation topic

Start-up mentalityThis means you have to test & verify all the way!

WhyTesting

?

Some product promisesare like unicorns walkingover rainbows (test & verify).

Drone Risk Methodology and Strategy Development

Collection of drone based incidents and verification

of plausibility based on reputation of source.

Based on experience the development of the Drone

Threat Catalogue including the categories.

Definition of the Drone Threats and Drone

Countermeasures based on current technology.

Governance: building a Threat Radar

Drone Threat Catalogue

Highlights from the Catalogue

(140 Risks)

Espionage (Spying)

Shoulder Surfing through Windows/ Rooftops

Eavesdropping with Drone Mounted Laser

microphone

Privacy Intrusion

Behavioral/ Habitual Analysis

Sexual Preferences

Health Condition/ Status

Computer Systems Hacking (Intrusion)

Hacking of a Person's Medical Equipment

Kinetic (Just the Drone)

Destroy the one in 10 Years Flowering (Amorphophallus titanum)

Chasing Animals to exhaustion

Economic

Create disproportionate reputational damage (Political)

Constant provocations (restricted no fly zones) requiring

constant attention

Intrusion/ Trespassing

Evidence & Crimescene Destruction/ Tampering/ Alteration

Theft: Tangible items i.e. plans, maps, jewelry, art objects (statues), Laptops,

Mobile Phones etc.

Abductions: Children or pets

11 Drone Attack Vectors

Drone Threats

Payload Attacks Comp. Sys. Hacking

Kinetic Attacks

Privacy IntrusionSignal Hacking

Espionage (Spying) EconomicCivil Disobedience

Insider Threat

SurveillanceIntrusion/ Tresp.

> Icons copyright © Reputelligence 2017

6 CBRNNE Threats

CBRNNE Threats(Payload Subgroup Defence specific)

Chemical Biological Radiological

Nuclear Narcotics Explosives

> Icons copyright © Reputelligence 2017

Geofencing Collision

Payload

Catching

Predator BirdMissile Projectiles

Jamming No-fly zones

EMP

Shutters

12 Drone Countermeasures

Drone Threats Countermeasures

Cyber

> Icons copyright © Reputelligence 2017

Threat RadarThe Drone Guard drone threat radar is a management tool for assessing specific risks. The radar presents a current view on the specific risks and the expected future development of the specified risks if no actions are taken. It helps to prioritise and agree on the development of risks. The

sectors are actors from where the specified risk will most likely arise. Each threat on the radar is explained in detail.

▪ Drone Guard Threat Radar

07-2017

▪ 11 Identified threat

groups (detailed

description available)

▪ 5 defined sectors (actors)

▪ Presentation for selected

groups possible

▪ Strictly internal

Some Payload ExamplesFor testing purposes

we mounted a DJI

Phantom 2 with a

payload device.

The device can be

remotely dropped.

It can be filled with

anything you want.

You can also drop memory sticks, fake access points, tracking devices etc.

So

me

Pa

ylo

ad

Ex

am

ple

s

Movie time!

Primary/ SecondaryPrimary Risks are the risks

directly caused by the drone

like physical damages to

facilities, injuries to spectators

and athletes.

Secondary Risks are the risks

caused by a drone like mass

panic, damages to the

reputation, liability and

copyright issues, cancellation

and delay of activity and

political implications.

Drone Threats Countermeasures Assessment

What works best?

The 5 Assessment

Criteria's

▪Effectiveness

▪Safety & Risk

▪Public acceptance

▪Legality

▪Costs

GeofencingCollisionPayloadCatchingPredatorMissile Projectiles Jamming No-fly zonesEMP Shutters

Effectiveness

Safety

Public

Acceptance

Legality

Costs

…

Cyber

1-10 (most)

1-10 (best)

1-10 (most)

Regulated –

non-regulated

1-10 (highest)10 7 8 9 7 5 6 7 8 2 2 6

8

reach

automatism

reach

5

Limited reach

8

collateral

8

Agility, speed

7injuries

hit rate

4reach

3

hit rate reach

7

hit rate

5 If not

tampered

9

organizational

2

policies

9

collateral

2

Less collateral

4

GPS, Galileo

9

application

5 7 6

collateral

3 8

collateral

3

GPS

8

GPS, FIrmware

8 6

Not

appropriate

2

dangerous

3Widely

accepted

9

damages

5

Friendly, injuries

8 7 3Less

destructive

8 6 9 8 7

Cracking WPA legitimization

asymmetric overshooting GLONASS Crash landing Sec. landing Crash landing target aquis. Remote ctrl Vendor controlled Limiterd scope

disproportional

Eco. nonsense Destruction of

property

Non threatening

to public

Destruction of

property

Destruction of

property

Destruction of

property

Regulated

-Defence

-Military

Private/

Gov:

Regulated

Others: non-

regulated

Fobidden

by FCCfcc.gov/general/j

ammer-

enforcement

Non-

regulated- Appropriate-

ness of

counter-

measures

Non-regulated Non-

regulated- Appropriate-

ness of

counter-

measures

Non-

regulated- Appropriate-

ness of

counter-

measures

Data

protection

act

Non-

regulated- Appropriate-

ness of

counter-

measures

Regulated

https://www.bakom.admin.ch/bakom/en/homepage/equipments-and-installations/particular-equipment/jammers.html

Regulated

-DJI etc.

- Firmware

- SW updates

- Flight ctrls.

Non-

regulated

- - Private

policies

22 19 34 27 29 22 15 30 24 28 20 28

A AIA AA A A A AI PI PIA

Effectiveness

Safety

Public

Acceptance

Legality

Costs

…

1-10 (most)

1-10 (best)

1-10 (most)

Regulated –

non-regulated

1-10 (highest)

Jamming

8

Limited reach

8GPS, Galileo

9

Widely

accepted

9

GLONASS

Fobidden

by FCCfcc.gov/general/j

ammer-

enforcement

34

A

Predator

7

Agility, speed

7injuries

7

Friendly, injuries

8

Sec. landing

Non threatening

to public

Non-regulated

29

A

Cyber

7

reach

7

8

Less

destructive

8

Cracking WPA

Remote ctrl

Data

protection

act

30

A

Geofencing

2

If not

tampered

9

GPS

8

9

Regulated

28

PI

Shutters

6

policies

9

6

7

Limiterd scope

Non-

regulated

- - Private

policies

28

AI

EMP

9

collateral

8

application

5

damages

5

Crash landing

Destruction of

property

Non-

regulated- Appropriate-

ness of

counter-

measures

27

A

What's left?▪A two step approach is

recommended:

1.) Detection, Recording and

Triangulation (Forensic Grade)

2.) Active Defence Mechanism's,

Take Down and Block Starting

GeofencingShuttersCyber

Today

Regulation changes quite

regularly check back often.

Drone Detection is not Drone Defence!

Data collection with drone detection sensors installed in our locations (over IoT cloud).

Example Manual Forensic

Detection Log

Forensic sound, court admissible log file of drone detected.

The PhotoA particular press photo caught the attention…

The city is a no-fly zone. This photo was suspect in regards

to the angle taken and the person looking up.

With the help of

google Street view

the place the photo

was taken could be

investigated.

Correlation of the

drone detection log

and the picture from

the press leads to a

high likelihood that

the photo was taken

by a DJI Mavic Pro.

OSINT

To be affirmative the drone should be seized and the pictures EXIF'd.

Testing is Dangerous and expensive

Lucky it was not

my wife's car…

Beware!

Fish gills…

There is such a thing as a

typical drone injury…

You may look away

Upping safety!

Never!Ever!

Do!

This!No 10 finger typing anymore…

Do! This!

Always!

Movie time!

The End