My talk will be about drone threats in general and how you can assess drone-based threats. I will show the comprehensive threat assessment methodology and the countermeasures you can take against the drone threat. The threat assessment is based on a catalog of about 140 items. Particularly interesting will be looking at the drone threats in relation to:
▪ Planting a payload at specific locations (e.g. hacking equipment transported to the target location)
▪ Tampering with communication equipment with the help of drones
▪ Insider threat: communicating with an insider with the help of a drone
▪ Hacking the communication of a drone
▪ Privacy violations
▪ etc.
5. My frame of mind…
I am playing defence.
To be good at defence you need to know the attack capabilities as well.
6. My Goals for this talk
Business/Consulting Perspective, Cyber/Security Perspective, Critical Infrastructure Perspective
▪ Knowing how to assess risk and select appropriate countermeasures for your critical infrastructure. Know the CBRNNE threats. Identify areas of weak defence.
▪ Knowing what implications drones will have on you. Knowing the relevant attack vectors for your context (Bank, Factory, Datacenter, City Planner etc.).
▪ Developing drone-based business/consulting skills. To be able to define drone-based services (audit, testing, sensors, etc.)
7. How did the drones topic find me?
Critical infrastructure provider was looking for solutions.
eHealth provider (hospital) asked about risk management.
Government asked specifically about drone capabilities.
And maybe you in the future
9. Why are drones an Infosec topic?
And why this is definitely the right place for it.
Infosec as in Information security and not just IT security.
10. Drones an Infosec topic
YES!
▪ Drones are the worst flying IoT device you can imagine
▪ To work successfully on drone-based risks, cybersecurity must join physical security
"CyPhys" or "Phycy"?
11. About Drones
Some Drone Basics
UAVs, RPAS
▪ 0-100 km/h: 3 seconds
▪ Stopping distance: 5 m
▪ Max. speed: up to 185 km/h
▪ Altitude (DJI Phantom 4): 3'799 meters
▪ Flight times: up to 45 minutes or more
▪ Payload: up to a person
▪ Reach: with 5G or GSM worldwide
▪ Costs: 100$ - 20'000$ or more
▪ GPS, GALILEO and GLONASS
2.4 GHz (2400-2483.5 MHz), 5.8 GHz (5725-5875 MHz)
Beyond Visual Line of Sight (BVLOS), Visual Line of Sight (VLOS), First Person View (FPV)
17. Drone Risk Methodology and Strategy Development
Collection of drone-based incidents and verification of plausibility based on reputation of source.
Based on experience, the development of the Drone Threat Catalogue including the categories.
Definition of the Drone Threats and Drone Countermeasures based on current technology.
Governance: building a Threat Radar
19. Highlights from the Catalogue (140 Risks)
Espionage (Spying)
Shoulder Surfing through Windows/Rooftops
Eavesdropping with Drone Mounted Laser Microphone
Privacy Intrusion
Behavioral/Habitual Analysis
Sexual Preferences
Health Condition/Status
Computer Systems Hacking (Intrusion)
Hacking of a Person's Medical Equipment
Kinetic (Just the Drone)
Destroy the one in 10 Years Flowering (Amorphophallus titanum)
Chasing Animals to exhaustion
Economic
Create disproportionate reputational damage (Political)
Constant provocations (restricted no fly zones) requiring constant attention
Intrusion/Trespassing
Evidence & Crime Scene Destruction/Tampering/Alteration
Theft: Tangible items i.e. plans, maps, jewelry, art objects (statues), Laptops, Mobile Phones etc.
Abductions: Children or pets
23. Threat Radar
The Drone Guard drone threat radar is a management tool for assessing specific risks. The radar presents a current view on the specific risks and the expected future development of the specified risks if no actions are taken. It helps to prioritise and agree on the development of risks. The sectors are actors from where the specified risk will most likely arise. Each threat on the radar is explained in detail.
24. ▪ Drone Guard Threat Radar 07-2017
▪ 11 Identified threat groups (detailed description available)
▪ 5 defined sectors (actors)
▪ Presentation for selected groups possible
▪ Strictly internal
25. Some Payload Examples
For testing purposes we mounted a DJI Phantom 2 with a payload device.
The device can be remotely dropped.
It can be filled with anything you want.
You can also drop memory sticks, fake access points, tracking devices etc.
29. Primary/Secondary
Primary Risks are the risks directly caused by the drone like physical damages to facilities, injuries to spectators and athletes.
Secondary Risks are the risks caused by a drone like mass panic, damages to the reputation, liability and copyright issues, cancellation and delay of activity and political implications.
32. [Table: rating matrix of drone countermeasures]
Countermeasures: Geofencing, Collision, Payload, Catching, Predator, Missile, Projectiles, Jamming, No-fly zones, EMP, Shutters, Cyber
Criteria: Effectiveness 1-10 (most); Safety 1-10 (best); Public Acceptance 1-10 (most); Legality: Regulated – non-regulated; Costs 1-10 (highest); …
Legality references: Jamming forbidden by FCC (fcc.gov/general/jammer-enforcement); Regulated (https://www.bakom.admin.ch/bakom/en/homepage/equipments-and-installations/particular-equipment/jammers.html)
33. Criteria: Effectiveness 1-10 (most); Safety 1-10 (best); Public Acceptance 1-10 (most); Legality: Regulated – non-regulated; Costs 1-10 (highest); …
▪ Jamming: 8 Limited reach; 8 GPS, Galileo; 9 Widely accepted; 9 GLONASS; Forbidden by FCC (fcc.gov/general/jammer-enforcement); total 34; A
▪ Predator: 7 Agility, speed; 7 injuries; 7 Friendly, injuries; 8 Sec. landing; Non threatening to public; Non-regulated; total 29; A
▪ Cyber: 7 reach; 7; 8 Less destructive; 8 Cracking WPA; Remote ctrl; Data protection act; total 30; A
▪ Geofencing: 2 If not tampered; 9 GPS; 8; 9; Regulated; total 28; PI
▪ Shutters: 6 policies; 9; 6; 7 Limited scope; Non-regulated - Private policies; total 28; AI
▪ EMP: 9 collateral; 8 application; 5 damages; 5 Crash landing; Destruction of property; Non-regulated - Appropriateness of countermeasures; total 27; A
34. What's left?
▪ A two step approach is recommended:
1.) Detection, Recording and Triangulation (Forensic Grade)
2.) Active Defence Mechanisms, Take Down and Block Starting
Today: Geofencing, Shutters, Cyber
Regulation changes quite regularly; check back often.
38. The Photo
A particular press photo caught the attention…
The city is a no-fly zone. This photo was suspect in regard to the angle taken and the person looking up.
39. With the help of Google Street View the place the photo was taken could be investigated.
Correlation of the drone detection log and the picture from the press leads to a high likelihood that the photo was taken by a DJI Mavic Pro.
OSINT
To confirm this, the drone should be seized and the EXIF data of its pictures examined.
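The correlation step from slide 39, as an added example that is not part of the original slides: it matches a photo's estimated capture time and position against drone detection log entries. The log layout, coordinates, timestamps and thresholds are constructed for illustration.

```python
import math
from datetime import datetime, timedelta, timezone

# Constructed sample log. The layout (UTC time, model, lat, lon, altitude in m)
# is an assumption, not the export format of any specific detection product.
DETECTION_LOG = """\
2017-07-14T09:58:12Z,DJI Phantom 4,47.00100,8.00100,60
2017-07-14T10:02:41Z,DJI Mavic Pro,47.00510,8.00480,35
2017-07-14T10:03:05Z,DJI Mavic Pro,47.00502,8.00495,38
2017-07-14T11:47:30Z,DJI Mavic Pro,47.02000,8.03000,80
"""

def parse_log(text):
    """Turn the log text into (time, model, lat, lon) tuples."""
    rows = []
    for line in text.strip().splitlines():
        ts, model, lat, lon, _alt = line.split(",")
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        rows.append((when, model, float(lat), float(lon)))
    return rows

def exif_to_utc(exif_time, utc_offset_hours):
    """EXIF DateTimeOriginal carries no time zone, so the offset must be supplied."""
    local = datetime.strptime(exif_time, "%Y:%m:%d %H:%M:%S")
    return (local - timedelta(hours=utc_offset_hours)).replace(tzinfo=timezone.utc)

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(a))

def correlate(photo_utc, photo_lat, photo_lon, detections, max_seconds=300, max_metres=150):
    """Return detections close to the photo in both time and space, nearest in time first."""
    hits = []
    for when, model, lat, lon in detections:
        dt = abs((when - photo_utc).total_seconds())
        dist = distance_m(photo_lat, photo_lon, lat, lon)
        if dt <= max_seconds and dist <= max_metres:
            hits.append((dt, round(dist), model, when))
    return sorted(hits)

# Constructed photo data: capture time in EXIF layout, position estimated from street imagery.
PHOTO_UTC = exif_to_utc("2017:07:14 12:03:00", utc_offset_hours=2)
CANDIDATES = correlate(PHOTO_UTC, 47.00505, 8.00490, parse_log(DETECTION_LOG))
```

A detection that matches in time but not in place (the first log line) is rejected, which is why both thresholds are applied together; the same `exif_to_utc` conversion applies to pictures recovered from a seized drone.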