DroneSploit is a program for exploiting security vulnerabilities drones which includes various techniques for accessing it. It targets commercial drone based on WiFi and made their debut in early December.
Theoretically drones are computers that "fly" and like all computers, can be vulnerable to attack. They may also contain significant amounts of data that could be vulnerable to cyber threats. Understanding these risks can help you better secure your own drone and prevent loss of data or assets.
The framework consists of old and new types of attack against a variety of many dronessuch as passive and active surveillance, deauth attacks and frameworks to break into drone-controller circuits. The goal is to automate the whole process and simply carry out and display the results in real time.
The framework is still limited in terms of their models drones that can be hacked based on WiFi (e.g. AR Drone, DJI Tello, Mavic Mini) but no drone based on RF (DJI Phantom 4, Mavic Pro etc.), but the goal is to accumulate so many exploits that it makes it easy to access vulnerable drones. With standard information security standards, it seeks to inform users of the dangers and to carry out simulated attacks against their own systems in order to better protect them.
For drone allowing the modification of wireless access points (WAP) and related passwords, you must adjust them before the flight. Turn off open connectivity and make sure networks are protected with up-to-date encryption standards. Where possible, use MAC filtering to ensure that only your trusted devices can connect. Check their policy drones what happens when the device loses connectivity and document the procedure for any unexpected actions it may take.
This project is available in PyPi and can simply be installed using Pip:
[Email protected]: ~ # pip3 install dronesploit
This is an example of how DroneSploit works, which aims to change the password or SSID of a specific model drone.