My talk will be about drone threats in general and how you can assess drone based threats. I will show the comprehensive threat assessment methodology and the countermeasures you can take against the drone threat. The threat assessment is based on a catalog of about 140 items. Particularly interesting will be looking at the drone threats in relation to: Planting payload at specific locations (i.e. hacking equipment transported to target location for instance) Tampering communication equipment with the help of drones Insider threat communicate with an insider with the help of a drone Hacking the communication of a drone Privacy violations etc.

1. CYBER SECURITY
CONFERENCE
June 25th to 29th 2018
Drones the new
weapon of choice
- also for hackers
09:30 - 10:15
By Dominique C. Brack

2. About me…
Info Sec Enthusiast

3. Cooperative
Drones

4. Non-
Cooperative
Drones

5. My frame of mind…
I am
playing
defence
To be good at
defence you
need to know
the attack
capabilities as
well.

6. Business/
Consulting
Perspective
Cyber/
Security
Perspective
Critical
Infrastructure
Perspective
My Goals for this talk
Knowing how to assess
risk and select
appropriate
countermeasures for
your critical
infrastructure. Know the
CBRNNE threats. Identify
areas of weak defence.
Knowing what
implications drones will
have on you. Knowing
the relevant attack
vectors for your context
(Bank, Factory,
Datacenter, City Planer
etc.).
Developing drone
based business/
consulting skills.To
be able to define
drone based
services (audit,
testing, sensors, etc.)

7. How did the drones
topic find me?
Critical infrastructure provider was looking for solutions.
eHealth provider (hospital) asked about risk mangement.
Government asked specifically about drone capabilities.
And maybe
you in the
future

8. Your worst enemy
handling drone risks
is called
Innovation

9. Why are drones an
Infosec topic?
And why this is definitely the right place for it.
Infosec as in
Information
security and not
just IT security.

10. Drones an
Infosec topic
YES!
▪ Drones are the worst
flying IoT device you
can imagine
▪ To successfully working
drone based risks
Cybersecurity must
join Physical Security
"CyPhys" or "Phycy" ?

11. About Drones
UAV's
RPAS
▪ 0-100 Km/h: 3 seconds
▪ Stopping distance: 5m
▪ Max. speed: up to 185 Km/h
▪ Altitude (DJI Phantom4): 3'799Meters
▪ Flight times: up 45 minutes or more
▪ Payload: up to a person
▪ Reach: with 5G or GSM worldwide
▪ Costs 100$ - 20'000$ or more
▪ GPS, GALILEO and GLONASS
2.4 GHz (2400-2483.5 MHz), 5.8 GHz (5725-5875 MHz)
Beyond Visual Line of Sight (BVLOS),Visual Line of Sight
(VLOS), First Person View (FPV),
Some Drone Basics

12. Regulation
▪ https://www.easa.europa.eu/easa-and-
you/civil-drones-rpas
▪ https://www.geoportail.gouv.fr/donnees/
restrictions-pour-drones-de-loisir
▪ https://www.federation-drone.org/les-
drones-dans-le-secteur-civil/la-
reglementation-francaise/
▪ https://www.les-
drones.com/reglementation/
Regulation never
stopped actual
criminals, terrorists
or ill advised
people. You need to build
you defence capabilities yourself.

13. Paris Geomap

14. Drones are a
FUD
topic

15. Fear
Uncertainty
Doubt
Circus
Low maturity topic
Innovation topic
Start-up mentalityThis means you have to test & verify all the way!

16. Why
Testing
?
Some product promises
are like unicorns walking
over rainbows (test &verify).

17. Drone Risk Methodology and Strategy Development
Collection of drone based incidents and verification
of plausibility based on reputation of source.
Based on experience the development of the Drone
Threat Catalogue including the categories.
Definition of the Drone Threats and Drone
Countermeasures based on current technology.
Governance: building a Threat Radar

18. Drone Threat Catalogue

19. Highlightsfrom
theCatalogue
(140Risks)
Espionage (Spying)
Shoulder Surfing through Windows/ Rooftops
Eavesdropping with Drone Mounted Laser
microphone
Privacy Intrusion
Behavioral/ Habitual Analysis
Sexual Preferences
Health Condition/ Status
Computer Systems Hacking (Intrusion)
Hacking of a Person's Medical Equipment
Kinetic (Just the Drone)
Destroy the one in 10Years Flowering (Amorphophallus titanum)
Chasing Animals to exhaustion
Economic
Create disproportionate reputational damage (Political)
Constant provocations (restricted no fly zones) requiring
constant attention
Intrusion/ Trespassing
Evidence & Crimescene Destruction/ Tampering/ Alteration
Theft:Tangible items i.e. plans, maps, jewelry, art objects (statues), Laptops,
Mobile Phones etc.
Abductions: Children or pets

20. 11 Drone Attack Vectors
Drone Threats
Payload Attacks Comp. Sys. Hacking
Kinetic Attacks
Privacy IntrusionSignal Hacking
Espionage (Spying) EconomicCivil Disobedience
Insider Threat
SurveillanceIntrusion/ Tresp.
> Icons copyright © Reputelligence 2017

21. 6 CBRNNE Threats
CBRNNEThreats
(Payload Subgroup Defencespecific)
Chemical Biological Radiological
Nuclear Narcotics Explosives
> Icons copyright © Reputelligence 2017

22. Geofencing Collision
Payload
Catching
Predator BirdMissile Projectiles
Jamming No-fly zones
EMP
Shutters
12 Drone Countermeasures
DroneThreatsCountermeasures
Cyber
> Icons copyright © Reputelligence 2017

23. Threat Radar
The Drone Guard drone threat radar is a management tool for assessing
specific risks.The radar presents a current view on the specific risks and
the expected future development of the specified risks if no actions are
taken. It helps to prioritise and agree on the development of risks.The
sectors are actors from where the specified risk will most likely arise. Each
threat on the radar is explained in detail.

24. ▪ Drone Guard Threat Radar
07-2017
▪ 11 Identified threat
groups (detailed
description available)
▪ 5 defined sectors (actors)
▪ Presentation for selected
groups possible
▪ Strictly internal

25. Some Payload Examples
For testing purposes
we mounted a DJI
Phantom 2 with a
payload device.
The device can be
remotely dropped.
It can be filled with
anything you want.
You can also drop memory sticks, fake access points, tracking devices etc.

26. SomePayload
Examples

27. Movie time!

29. Primary/ Secondary
Primary Risks are the risks
directly caused by the drone
like physical damages to
facilities, injuries to spectators
and athletes.
Secondary Risks are the risks
caused by a drone like mass
panic, damages to the
reputation, liability and
copyright issues, cancellation
and delay of activity and
political implications.

30. Drone Threats
Countermeasures Assessment
What works best?

31. The5
Assessment
Criteria's
▪Effectiveness
▪Safety & Risk
▪Public acceptance
▪Legality
▪Costs

32. GeofencingCollisionPayloadCatchingPredatorMissile Projectiles Jamming No-fly zonesEMP Shutters
Effectiveness
Safety
Public
Acceptance
Legality
Costs
…
Cyber
1-10 (most)
1-10 (best)
1-10 (most)
Regulated –
non-regulated
1-10 (highest)
10 7 8 9 7 5 6 7 8 2 2 6
8
reach
automatism
reach
5
Limited reach
8
collateral
8
Agility, speed
7
injuries
hit rate
4
reach
3
hit rate reach
7
hit rate
5 If not
tampered
9
organizational
2
policies
9
collateral
2
Less collateral
4
GPS, Galileo
9
application
5 7 6
collateral
3 8
collateral
3
GPS
8
GPS, FIrmware
8 6
Not
appropriate
2
dangerous
3
Widely
accepted
9
damages
5
Friendly, injuries
8 7 3 Less
destructive
8 6 9 8 7
Cracking WPA legitimization
asymmetric overshooting GLONASS Crash landing Sec. landing Crash landingtarget aquis. Remote ctrl Vendor controlled Limiterd scope
disproportional
Eco. nonsense Destruction of
property
Non threatening
to public
Destruction of
property
Destruction of
property
Destruction of
property
Regulated
-Defence
-Military
Private/
Gov:
Regulated
Others: non-
regulated
Fobidden
by FCC
fcc.gov/general/j
ammer-
enforcement
Non-
regulated
- Appropriate-
ness of
counter-
measures
Non-regulated Non-
regulated
- Appropriate-
ness of
counter-
measures
Non-
regulated
- Appropriate-
ness of
counter-
measures
Data
protection
act
Non-
regulated
- Appropriate-
ness of
counter-
measures
Regulated
https://www.bakom.admin.ch/bakom/en/homepage/equipments-and-installations/particular-equipment/jammers.html
Regulated
-DJI etc.
- Firmware
- SW updates
- Flight ctrls.
Non-
regulated
- - Private
policies
22 19 34 27 29 22 15 30 24 28 20 28
A AIA AA A A A AI PI PIA

33. Effectiveness
Safety
Public
Acceptance
Legality
Costs
…
1-10 (most)
1-10 (best)
1-10 (most)
Regulated –
non-regulated
1-10 (highest)
Jamming
8
Limited reach
8
GPS, Galileo
9
Widely
accepted
9
GLONASS
Fobidden
by FCC
fcc.gov/general/j
ammer-
enforcement
34
A
Predator
7
Agility, speed
7
injuries
7
Friendly, injuries
8
Sec. landing
Non threatening
to public
Non-regulated
29
A
Cyber
7
reach
7
8
Less
destructive
8
Cracking WPA
Remote ctrl
Data
protection
act
30
A
Geofencing
2
If not
tampered
9
GPS
8
9
Regulated
28
PI
Shutters
6
policies
9
6
7
Limiterd scope
Non-
regulated
- - Private
policies
28
AI
EMP
9
collateral
8
application
5
damages
5
Crash landing
Destruction of
property
Non-
regulated
- Appropriate-
ness of
counter-
measures
27
A

34. What's left?
▪A two step approach is
recommended:
1.) Detection, Recording and
Triangulation (Forensic Grade)
2.) Active Defence Mechanism's,
Take Down and Block Starting
GeofencingShuttersCyber
Today
Regulation changes quite
regularly check back often.

35. Drone Detection is
not Drone Defence!

36. Data collection with drone detection sensors installed in our locations (over IoT cloud).
Example Manual Forensic

37. Detection Log
Forensic sound, court admissible log file of drone detected.

38. The Photo
A particular press photo caught the attention…
The city is a no-fly zone.This photo was suspect in regards
to the angle taken and the person looking up.

39. With the help of
google Street view
the place the photo
was taken could be
investigated.
Correlation of the
drone detection log
and the picture from
the press leads to a
high likelihood that
the photo was taken
by a DJI Mavic Pro.
OSINT
To be affirmative the drone should be seized and the pictures EXIF'd.

40. Testing is Dangerous and expensive
Lucky it was not
my wife's car…

41. Beware!
Fish gills…
There is such a thing as a
typical drone injury…
You may look away

42. Upping safety!

43. Never!
Ever!
Do!
This! No 10 finger typing anymore…

44. Do! This!
Always!

45. Movie time!

47. The End