DroneSploit is an exploit program security of drones that includes various techniques to gain access to it. It targets WiFi-based commercial drones and first appeared in early December.
Drones are theoretically "flying" computers, and like all computers, they can be vulnerable to attacks. They may also contain a significant amount of data that could be vulnerable to cyber risks. Understanding these risks can help you better secure your drone and prevent loss of data or assets.
The framework consists of old and new types of attack against a variety of multiple drones, such as passive and active surveillance, deauth attacks and frameworks to break into drone-controller circuits. The goal is to automate the whole process and simply carry out and display the results in real time.
The framework is still limited in terms of hackable drone models based on WiFi (eg AR Drone, DJI Tello, Mavic Mini) but not RF based drones (DJI Phantom 4, Mavic Pro etc. .), but the goal is to collect so many exploits that it makes it easy to access vulnerable drones. With standard information security standards, it seeks to inform users of the dangers and to carry out simulated attacks against their own systems in order to better protect them.
For drones that allow wireless access points (WAPs) and associated passwords to be modified, you should adjust them before flights. Turn off open connectivity and make sure networks are protected with up-to-date encryption standards. Where possible, use MAC filtering to ensure that only your trusted devices can connect. Check your drones action policy for what happens when it loses connectivity deviceand document the process for any unexpected actions it may take.
Installation:
This project is available in PyPi and can simply be installed using Pip:
root @ kali: ~ # pip3 install dronesploit
Basic functions:
Interface
Modules
This is an example of it modeof DroneSploit, which aims to change the password or SSID of a specific drone model.