SlideShare une entreprise Scribd logo

The State of Drone Security – Analysing 1000+ drone incidents (Mike Monnik) - DroneSec GDSN#2

DroneSec
DroneSec

Mike Monnik (DroneSec) Talk Recording: https://www.youtube.com/watch?v=-zuJerGWTWs The Global Drone Security Network (GDSN) is the only event of its kind focusing on Cyber-UAV security, Drone Threat Intelligence, Counter-UAS, and UTM security. Watch the full recording here: https://www.youtube.com/watch?v=vZ6sRr65cSk Speaker: https://www.linkedin.com/in/mike-monnik-23026a75/ DroneSec is a cyber-uav security and threat intelligence company who hosted this second series of the GDSN community event. https://dronesec.com/

Technologie
1  sur  55
Télécharger pour lire hors ligne
“Let’s catch or shoot them down!” > Drones are classified as aircraft “Can we block their signal or jam them from entering our property?” > Illegal to interfere with an operating radio communications device > It is not trespass, as you don’t own your airspace “What about just detecting them….then sending the police after the operator!” > Even police have legal difficulty intercepting or tracing drones.
We are in a time where UAV threats to critical infrastructure, the legislation governing and actions taken countering those threats with mitigation technologies, the response by law enforcement (and the technical skills needed) are not an easy answer. Most times, this just results in the finger being pointed towards physical security and the responsibility of the manufacturer. LUCAS LE BELL VICTOR VUILLARD KIM JAMES CHRISTOPHER CHURCH EVANGELOS MANTASJACOB TEWES DAVID KOVAR ULF BARTH
LUCAS LE BELL VICTOR VUILLARD KIM JAMES CHRISTOPHER CHURCH EVANGELOS MANTAS JACOB TEWES DAVID KOVAR ULF BARTH MIKE MONNIK
Resources in the Description (SHOW MORE) ● Schedule ● Presenter Slides ● Code of Conduct DroneSec team during the event: Masumi Arefune - Event Coordinator Arison Neo - Content Moderator John Rihanna - Commercial Contact Mike Monnik - MC and Host DISCUSSION AND Q’N’A
Global Drone Security Network #2 Aim: To be a source of authority and standards for drone security around the world. Mission: Ensure safe and secure drone operations, enabling innovation and preventing restrictions. Speakers: Drone hobbyists and/or commercialists. This event is for the future of drones not against them. Event: No one paid to speak here. No one was paid to speak here. There are no sponsors or commercial deals. All are live - no pre-recordings.
Running Agenda (UTC+10) 19:00 - The State of Drone Security – Analysing 1000+ drone incidents by (Mike Monnik) 20:00 - Drone Security & Law Enforcement by (Christopher Church) 21:00 - Securing High Value Assets from above while grappling with the cost/benefit equation by (Kim James) 22:00 - C-UAS against Swarms by (Ulf Barth) 23:00 - Security of a drone platform by (Victor Vuillard) 24:00 - Five next-gen UAV evolutions every sensitive site should open their eyes to by (Lucas Le Bell) 01:00 - The Need for Drone Forensic Investigation Standardisation by (Evangelos Mantas) 02:00 - Counter-UAS: Legal Challenges and Solutions for Research and Development by (Jacob Tewes) 03:00 - Keynote: UAV Threats to the Oil and Gas Industry by (David Kovar)
The State of Drone Security Mike Monnik Presentation Length: ~45 minutes
Chief Technical Officer Offices: Melbourne, Sydney and Singapore Weekly UAV Threat Intelligence Newsletter MIKE MONNIK
Core Concepts – Drone Security Protection of friendly drones against attackers Protection against rogue drones Protection of the systems that support, manage and counter drones >_
2. TYPES OF DRONES
Hobby Farming FPV Racing Make: DJI Phantom 4 Cost: $950+ Range: 3-5km @ 30mins Functionality: Video, Photos Laws & Regulations: 30m from people and buildings 120m height limit No night time flying Make: Yuneec H520 Cost: $5000+ Range: 1.5km @ 25mins Functionality: Media, thermal vision, 3D Modelling, seed sowing, Laws & Regulations: Notification and certs commercial Night time flying with approval Make: JohnnyFPV AstroX Cost: $600+ Range: 500m @ 5-10mins Functionality: Media, FPV vision Laws & Regulations: Authorised ISM bands only COTS UAS/UAV/RPAS/DRONE
3. BLUE- PRINTS
Vendor Server Approximate Location (5-10km) Hardware Information (serial #s) Mobile/Controller GPS Location Drone GPS Location Flight data (optional) NFZ codes Profile Information / Username 2.4ghzcontrollink 5.8ghzvideolink Controller Drone GPS Device/Application Internet: 4G/LTE How does a drone work?
DroneGPS Approximate Location (5-10km) Hardware Information (serial #s) Mobile/Controller GPS Location Drone GPS Location Flight data (optional) NFZ zones Profile Information / Username Telcom Tower Fleet Management Server 4G/LTE control & video link How does an autonomous drone work?
Device/Application (192.168.1.30) Android or iOS Vendor Application USB, Bluetooth or WiFi link Drone (192.168.1.2) OpenWRT Linux or similar Internal and External Storage 2.4ghz – 5.8ghz antennas The Drone Stack Controller (192.168.1.1) OpenWRT Linux or similar Embedded or external device 2.4ghz – 5.8ghz antennas Vendor Server (13.249.134.125) Profile, flight logs, flight data, No-Fly-Zone codes Optional: Purchases, linked accounts, country registration information
Single Drone == Desktop PC Similarities to Cyber Security UTM System == Enterprise Network Counter-Drone System == Anti-Virus
4. ATTACK VECTORS
Remote Hijack or Permanent Denial-of-Service Bug Classes (Bug Bounty Program) $30,000 Remote Access to data or Temporary Denial-of-Service $5,000Drones and Hardware https://security.dji.com/policy Mobile Applications, Websites, Servers and Infrastructure $30,000 Hijack Drone(s), Access to User Data, Underlying issues
Common Security Risks ● Hardcoded SSH/FTP/WiFi/Telnet passwords ● Vendor control, visibility and remote patching ● Provide more focused power/bandwidth (deauthenticate) ● Open WEP, Default/Weak WPA2 passwords ● Spoof controller commands and hijack drone control ● Prevent/lockout pilot on-board linux tools ● Privesc to extract data and video ● Hijack the video stream to the controller ● Access user purchases, pictures, video, audio ● Access user flight records and telemetry data ● Access flight controls (automated drones) Device/Application Controller Drone Vendor Server
Misconfiguration leaking drone vision and telemetry analytics 7 2020: In Numbers - DroneSec Offensive Cyber Security (Responsible Disclosure) Total high-priority findings affecting UAS, CUAS and UTM 3 Vulnerabilities leaking customer and pilot information 1 Misconfiguration leaking police department drone purchases 1 2 Vulnerabilities resulting in access to CUAS and UTM control panels
5. BAD ACTORS
:NOTICE: The following slide contains images of violence and/or battlefield footage
https://www.memri.org/reports/decade-jihadi-organizations-use-drones-%E2%80%93-early-experi ments-hizbullah-hamas-and-al-qaeda MEMRI (Middle East Media Research Institute) Malicious drone usage by ISIS
Counter-Unmanned Aircraft System Techniques (ATP 3-01.81) “Both reconnaissance and attack capabilities have matured to the point where UAS represent a significant threat to the army...” “If UAS is observed over your position, you are already compromised. Units must attempt to engage and destroy the UAS using any organic means available” US Army and Drones
“Giant Mechanical Geese from Hell” ~ David Hambling
6. COUNTER DRONES
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3304914 - Jacob Tewes @flyinglawyer Overview – “Drone Defense is Still Illegal”
7. THREAT INTELLIGENCE
Contact TracingThreat Intelligence A: Investigate events, incidents and the specific information. Categorise, tag and analyse. B: Use the information to inform SOPs, compare to current results C: Refine targeting systems and feed detection information back to A. D: Continue predicting and reacting to rogue/malicious UAV with a view of apprehending/tracking operators Cross-Matching data and patterns
UAS Threat Actor Example (Snipped) Recorded malicious drone use by member groups: Khalistan Zindabad Force (KZF) Ranjit Singh Neeta (Leader) Motivation and Goals: To conduct surveillance on security forces To conduct reconnaissance for possible areas for landing and deliveries of contraband To supply contraband to criminal groups for the conduct of acts of terror against nation states Tactics, Techniques and Procedures: Self-taught in engineering and modifying of drone parameter and hardware components Recruiting local youths and elderly to conduct a significant number of regular border flights Take-off and landing positions in close-proximity border villages and towns over Line-of-Control (LoC) Recorded Use of Drone/Equipment: Quadcopters, Multi-rotors, Fixed-Wing DJI Matrice 600, DJ Mavic 2, DJI Phantom 4 “Low-Noise” propellers Recorded Contraband/Crime: Ammunition, Explosives, Counterfeit money, Firearms (AK-47 & M4 assault rifles, M67 grenades) Communication devices (Radio devices, GPS device, batteries) Recorded Area of Operations: Kanzalwan (North western end of Jammu and Kashmir, India) Satwal Sector along LOC (Pakistan)
Sources and Drag Net Approach 200+ Passive Sources International Aviation Authorities Academic Sources & University Agreements Pilots – Commercial and Private Airlines Commercial Partnerships Information Security Sources Newsletters and Email Lists Law Enforcement Subscribers & Community Contributions Active Sources TOR/Dark and surface web communication channels - Chat applications, Forums Proprietary aggregation software - Search Engines - Social Media - Government Sources - News and Media Live sightings and reports Counter-UAS detection feeds Keywords Base: drone, uav, uas, rpas (Other language translations) Variations: counter, anti, security, hacking, exploit, bypass Additionals: Airport, Prison, Correctional Facility, Energy Facility, Nuclear, Electricity, Power, Runway Custom: “JFK” “Tullamarine” “Michigan Stadium” “Bison Power” “
Social Media Example Source - Social Media (Twitter) Keyword matches: - “drohne” AND “airport” Time & Date: - 16:52 June 1st Airport: - ACME (Geo-match) Database: - ACME Airport - NX1 CUAS System (News Ref: May 3rd) IMAGE IS FOR EXAMPLE PURPOSES ONLY
8. INCIDENT ANALYSIS
90High Priority Incidents 29Cyber Security Incidents 293Medium-Low Priority Incidents 266Whitepapers and Publications: UAV Security 2020: In numbers 11Tracked UAS Threat Actor Groups (Reoccurring)
46 Countries Involved Canada Mexico USA UK Australia France Germany 2020: Narcotics Total Narcotics incidents 23 Occurred at prisons* 17 Occurred across borders 6 Occurred in suburban areas
2020: Narcotics and Prisons 28% of drones seized by authorities were due to operator crashes ● Weight of payload (control or battery loss) ● BVLOS, out of range or night-time flying ● Trees or wires 25% of operators apprehended, of that 10% through drone forensics ● Most launched within <5km of the prison, from vehicles or forests ● Most used drones under 2kg Most common payloads: ● Narcotics ● SIM cards ● Shivs/Weapons ● Cash
Canary Drones In two events, operators sent a smaller, non-payload equipped drone to fly over the prison to assess CUAS or staff response. ● This occurred both 24 hours before and just 10 minutes before ● A larger or payload equipped drone sent afterwards Pseudo-Swarm Drones In one event, operators flew three separate drones over the facility. Guards were alerted, drones continued to operate for 7 minutes. ● Only one drone is suspected of dropping the payload Anti-Forensics In some cases: Removing SD card, disabling caching, disabling RTH functions, serial information and purchasing systems and batteries 2nd hand, custom apps 2020: Narcotics and Prisons - Scenarios
Where mitigation is not possible, detection will be key ● Detection-only systems with quick-response SOPs ● Physical security, deception techniques and netting Drone capabilities for heavy lift and carry will increase ● ~$80,000 for a 25kg lift/carry is affordable to organised crime groups ● Drone manufacturers will seek hardware and software identification ● Second-hand drone sales may see vehicle transfer registration Prisons will consider drones as Hostile Vehicle Mitigation 2020: Narcotics and Prisons Forecast
64 Borders Involved India/Pakistan India/China Mexico/USA Israel/Gaza Isreal/Lebanon Azerbaijan/Georgia Russia/Ukraine Singapore/Malaysia 2020: International Borders Total Border incidents 20 Occurred between India/Pakistan
2020: Borders High number of drones seized by authorities Low due to CUAS ● Most are one-way flights ● Heavier payloads are easier to shoot with small arms fire ● Some have payloads removed Extremely low number of operators apprehended ● Most launched from border towns, extended range near borders ● Many flown by unsuspecting recruits not connected to crime ● Many drones over 2kg (more funding? different payloads?) Most common payloads: ● Narcotics ● Ammunition/explosives/weapons ● Communication devices
Enable large operations ● Used as distractions to pull responders away from key chokepoints ● Live-stream vision across-borders to assess positions: human trafficking ● Used to guide planes to land in black-out jungle areas Camouflage and Deception ● Observed using low-profile noise reduction propellers ● Being painted sky-blue or cloud-white, lights taped over Proxy weapon of choice by military - attribution ● COTS drones have the price point and appearance of being civilian ● Capabilities allow military supplies or remote weaponisation ● Hard to determine if rogue drone was nation state, rebel or hobbyist 2020: Borders - Scenarios
CUAS will require larger footprints ● Usual radius of detection/mitigation is 5km-10km range ● Detection features will be built into Telecommunication or Physical assets ● Careful geo-positioning to only control ‘this side of the fence’ Countries may seek border/country No-Fly-Zones ● Goefencing and Remote ID may change NFZ from airspace to per-country Borders will require hard-stop CUAS ● Compared to prison, airport and critical infrastructure incidents, border drones continue to carry weaponised or ordnance payloads. 2020: Border Forecast
Most incidents included: 1. Battlefield (Syria, Ukraine) 2. Borders 3. Prisons 4. Sporting Stadiums 5. Emergency Services 6. Critical Infrastructure 7. Aviation/Airports 2020: A year in review and looking to 2030 Law Enforcement ● COVID19 uptik ● Emergency response ● Public Privacy Issues ● Lack of legislation for CUAS ● Lack of SOP for DFIR Cyber and Data Security ● Mobile Application Security ● Privacy from manufacturers ● UTM and C-CUAS as a target CUAS Systems ● Splitting detection and response ● Integration with UTM/UAM ● Lack of legislation for private/commercial customers ● Jamming and signal manipulation increasing Threat Intelligence ● Nationwide sharing for LE ● ADSB + ATM + UTM Integrations ● Inform CUAS product development
End-to-end Drone Security includes many components: Manufacturers, Physical Security, Counter-UAS, Laws & Regulations, Forensics, Threat Intelligence… Working groups are required between: ● Counter-UAS ● Law Enforcement ● Aviation (ATM/UTM) ● Law makers ● Hobbyists Drones make up three quadrants • Electronic • Kinetic • Close-proximity and air-space Drones require a new joint-capability of traditional and emerging threat intelligence, risk analysis and embedded security to foster innovation and safely prevent restrictions on the industry. Summary
THANK YOU AND WELCOME. mike.m@dronesec.com - dronesec.com Resources Notify Threat Intelligence Platform dronesec.com/pages/notify Weekly UAV Threat Intel Newsletter (free) dronesec.com/pages/dronesec-notify Slack Discussion Group dronesec.slack.com UAS Threat Actor Glossary By vetted request only: info@dronesec.com
THANK YOU. SPEAKERS Christopher Church Kim James Ulf Barth Victor Vuillard ORGANISERS DroneSec Privasec Masumi Arefune Arison Neo Mike Monnik Lucas Le Bell Evangelos Mantas Jacob Tewes David Kovar SPECIAL MENTIONS Jill Taylor Philippe Rouin Daniel Ting All the attendees!

Recommandé

Counter-UAS: Legal Challenges and Solutions for Research and Development (Jac...
Counter-UAS: Legal Challenges and Solutions for Research and Development (Jac...Counter-UAS: Legal Challenges and Solutions for Research and Development (Jac...
Counter-UAS: Legal Challenges and Solutions for Research and Development (Jac...DroneSec
 
Self Learning Anti Drone System
Self Learning Anti Drone SystemSelf Learning Anti Drone System
Self Learning Anti Drone Systemyovist taufan
 
UAV
UAVUAV
UAVShubham Chauhan
 
Drone-Unmanned Aerial Vehicle
Drone-Unmanned Aerial VehicleDrone-Unmanned Aerial Vehicle
Drone-Unmanned Aerial Vehicleshivu1234
 
Drone Security & Law Enforcement (Chris Church) - DroneSec GDSN#2
Drone Security & Law Enforcement (Chris Church) - DroneSec GDSN#2Drone Security & Law Enforcement (Chris Church) - DroneSec GDSN#2
Drone Security & Law Enforcement (Chris Church) - DroneSec GDSN#2DroneSec
 
Overview Of Unmanned Aircraft Systems (UAS)
Overview Of Unmanned Aircraft Systems (UAS)Overview Of Unmanned Aircraft Systems (UAS)
Overview Of Unmanned Aircraft Systems (UAS)Mark Lewellen
 
unmanned aerial vehicle (UAV)
unmanned aerial vehicle (UAV)unmanned aerial vehicle (UAV)
unmanned aerial vehicle (UAV)UDIT PATEL
 
Unmanned aerial vehicle (uav)
Unmanned aerial vehicle (uav)Unmanned aerial vehicle (uav)
Unmanned aerial vehicle (uav)vikramsingh1358
 

Recommandé

Counter-UAS: Legal Challenges and Solutions for Research and Development (Jac...
Counter-UAS: Legal Challenges and Solutions for Research and Development (Jac...Counter-UAS: Legal Challenges and Solutions for Research and Development (Jac...
Counter-UAS: Legal Challenges and Solutions for Research and Development (Jac...DroneSec
 
Self Learning Anti Drone System
Self Learning Anti Drone SystemSelf Learning Anti Drone System
Self Learning Anti Drone Systemyovist taufan
 
UAV
UAVUAV
UAVShubham Chauhan
 
Drone-Unmanned Aerial Vehicle
Drone-Unmanned Aerial VehicleDrone-Unmanned Aerial Vehicle
Drone-Unmanned Aerial Vehicleshivu1234
 
Drone Security & Law Enforcement (Chris Church) - DroneSec GDSN#2
Drone Security & Law Enforcement (Chris Church) - DroneSec GDSN#2Drone Security & Law Enforcement (Chris Church) - DroneSec GDSN#2
Drone Security & Law Enforcement (Chris Church) - DroneSec GDSN#2DroneSec
 
Overview Of Unmanned Aircraft Systems (UAS)
Overview Of Unmanned Aircraft Systems (UAS)Overview Of Unmanned Aircraft Systems (UAS)
Overview Of Unmanned Aircraft Systems (UAS)Mark Lewellen
 
unmanned aerial vehicle (UAV)
unmanned aerial vehicle (UAV)unmanned aerial vehicle (UAV)
unmanned aerial vehicle (UAV)UDIT PATEL
 
Unmanned aerial vehicle (uav)
Unmanned aerial vehicle (uav)Unmanned aerial vehicle (uav)
Unmanned aerial vehicle (uav)vikramsingh1358
 
Drones (UAV)
Drones (UAV)Drones (UAV)
Drones (UAV)Raj Rajeshwar Singh Rathore
 
Drone Insights 2021, and its Impact on other sectors in India
Drone Insights 2021, and its Impact on other sectors in IndiaDrone Insights 2021, and its Impact on other sectors in India
Drone Insights 2021, and its Impact on other sectors in IndiaKaushik Biswas
 
UAV Presentation
UAV PresentationUAV Presentation
UAV PresentationRuyyan
 
Drone- A killer & Deliverable
Drone- A killer & DeliverableDrone- A killer & Deliverable
Drone- A killer & DeliverableShravan kumar
 
Drone’s
Drone’sDrone’s
Drone’skarthik kumar
 
drone technology
drone technologydrone technology
drone technologyUmesh Dadde
 
drone
dronedrone
droneakshay ghanwat
 
Commercial Drones: Current State of the Industry
Commercial Drones: Current State of the IndustryCommercial Drones: Current State of the Industry
Commercial Drones: Current State of the IndustryColin Snow
 
Drone sUAV Forensics
Drone sUAV ForensicsDrone sUAV Forensics
Drone sUAV ForensicsMAkbarMarwan
 
Drones and all about it seminar
Drones and all about it seminar Drones and all about it seminar
Drones and all about it seminar Jayaram .P
 
Drones 101
Drones 101Drones 101
Drones 101Amos Tay
 
FDR and CVR of Aircrafts
FDR and CVR of AircraftsFDR and CVR of Aircrafts
FDR and CVR of Aircraftsalpha_sherdil
 
The Anatomy of a Drone - DJI Phantom 4
The Anatomy of a Drone - DJI Phantom 4The Anatomy of a Drone - DJI Phantom 4
The Anatomy of a Drone - DJI Phantom 4Dronefly
 
Introduction to Quad-copters, Drones
Introduction to Quad-copters, DronesIntroduction to Quad-copters, Drones
Introduction to Quad-copters, Droneswinfred lu
 
Unmanned aerial vehicle
Unmanned aerial vehicleUnmanned aerial vehicle
Unmanned aerial vehicleYevhen Poliakov
 
Air Traffic Control and Nav Aids
Air Traffic Control and Nav AidsAir Traffic Control and Nav Aids
Air Traffic Control and Nav AidsEmmanuel Fuchs
 
Drone and its application
Drone and its applicationDrone and its application
Drone and its application14209276
 
Drones
DronesDrones
DronesAtharva Chavan
 
Drones
DronesDrones
DronesGuada Casuso
 
UAVs: Understanding Unmanned Aerial Systems (UAS) and Potential Applications
UAVs: Understanding Unmanned Aerial Systems (UAS) and Potential ApplicationsUAVs: Understanding Unmanned Aerial Systems (UAS) and Potential Applications
UAVs: Understanding Unmanned Aerial Systems (UAS) and Potential ApplicationsAmerican Society of Civil Engineers, Orange County Branch
 
Counter Drone Systems Market 2022-2032 - Aviation and Defense Market Reports
Counter Drone Systems Market 2022-2032 - Aviation and Defense Market ReportsCounter Drone Systems Market 2022-2032 - Aviation and Defense Market Reports
Counter Drone Systems Market 2022-2032 - Aviation and Defense Market ReportsDefense Report
 
counter drone market
counter drone marketcounter drone market
counter drone marketDefense Report
 

Contenu connexe

Tendances

Drone Insights 2021, and its Impact on other sectors in India
Drone Insights 2021, and its Impact on other sectors in IndiaDrone Insights 2021, and its Impact on other sectors in India
Drone Insights 2021, and its Impact on other sectors in IndiaKaushik Biswas
 
UAV Presentation
UAV PresentationUAV Presentation
UAV PresentationRuyyan
 
Drone- A killer & Deliverable
Drone- A killer & DeliverableDrone- A killer & Deliverable
Drone- A killer & DeliverableShravan kumar
 
drone technology
drone technologydrone technology
drone technologyUmesh Dadde
 
Commercial Drones: Current State of the Industry
Commercial Drones: Current State of the IndustryCommercial Drones: Current State of the Industry
Commercial Drones: Current State of the IndustryColin Snow
 
Drone sUAV Forensics
Drone sUAV ForensicsDrone sUAV Forensics
Drone sUAV ForensicsMAkbarMarwan
 
Drones and all about it seminar
Drones and all about it seminar Drones and all about it seminar
Drones and all about it seminar Jayaram .P
 
Drones 101
Drones 101Drones 101
Drones 101Amos Tay
 
FDR and CVR of Aircrafts
FDR and CVR of AircraftsFDR and CVR of Aircrafts
FDR and CVR of Aircraftsalpha_sherdil
 
The Anatomy of a Drone - DJI Phantom 4
The Anatomy of a Drone - DJI Phantom 4The Anatomy of a Drone - DJI Phantom 4
The Anatomy of a Drone - DJI Phantom 4Dronefly
 
Introduction to Quad-copters, Drones
Introduction to Quad-copters, DronesIntroduction to Quad-copters, Drones
Introduction to Quad-copters, Droneswinfred lu
 
Air Traffic Control and Nav Aids
Air Traffic Control and Nav AidsAir Traffic Control and Nav Aids
Air Traffic Control and Nav AidsEmmanuel Fuchs
 
Drone and its application
Drone and its applicationDrone and its application
Drone and its application14209276
 

Tendances (20)

Drones (UAV)
Drones (UAV)Drones (UAV)
Drones (UAV)
 
Drone Insights 2021, and its Impact on other sectors in India
Drone Insights 2021, and its Impact on other sectors in IndiaDrone Insights 2021, and its Impact on other sectors in India
Drone Insights 2021, and its Impact on other sectors in India
 
UAV Presentation
UAV PresentationUAV Presentation
UAV Presentation
 
Drone- A killer & Deliverable
Drone- A killer & DeliverableDrone- A killer & Deliverable
Drone- A killer & Deliverable
 
Drone’s
Drone’sDrone’s
Drone’s
 
drone technology
drone technologydrone technology
drone technology
 
drone
dronedrone
drone
 
Commercial Drones: Current State of the Industry
Commercial Drones: Current State of the IndustryCommercial Drones: Current State of the Industry
Commercial Drones: Current State of the Industry
 
Drone sUAV Forensics
Drone sUAV ForensicsDrone sUAV Forensics
Drone sUAV Forensics
 
Drones and all about it seminar
Drones and all about it seminar Drones and all about it seminar
Drones and all about it seminar
 
Drones 101
Drones 101Drones 101
Drones 101
 
FDR and CVR of Aircrafts
FDR and CVR of AircraftsFDR and CVR of Aircrafts
FDR and CVR of Aircrafts
 
The Anatomy of a Drone - DJI Phantom 4
The Anatomy of a Drone - DJI Phantom 4The Anatomy of a Drone - DJI Phantom 4
The Anatomy of a Drone - DJI Phantom 4
 
Introduction to Quad-copters, Drones
Introduction to Quad-copters, DronesIntroduction to Quad-copters, Drones
Introduction to Quad-copters, Drones
 
Unmanned aerial vehicle
Unmanned aerial vehicleUnmanned aerial vehicle
Unmanned aerial vehicle
 
Air Traffic Control and Nav Aids
Air Traffic Control and Nav AidsAir Traffic Control and Nav Aids
Air Traffic Control and Nav Aids
 
Drone and its application
Drone and its applicationDrone and its application
Drone and its application
 
Drones
DronesDrones
Drones
 
Drones
DronesDrones
Drones
 
UAVs: Understanding Unmanned Aerial Systems (UAS) and Potential Applications
UAVs: Understanding Unmanned Aerial Systems (UAS) and Potential ApplicationsUAVs: Understanding Unmanned Aerial Systems (UAS) and Potential Applications
UAVs: Understanding Unmanned Aerial Systems (UAS) and Potential Applications
 

Similaire à The State of Drone Security – Analysing 1000+ drone incidents (Mike Monnik) - DroneSec GDSN#2

Counter Drone Systems Market 2022-2032 - Aviation and Defense Market Reports
Counter Drone Systems Market 2022-2032 - Aviation and Defense Market ReportsCounter Drone Systems Market 2022-2032 - Aviation and Defense Market Reports
Counter Drone Systems Market 2022-2032 - Aviation and Defense Market ReportsDefense Report
 
CSFI_ATC_Cyber_Security_Project
CSFI_ATC_Cyber_Security_ProjectCSFI_ATC_Cyber_Security_Project
CSFI_ATC_Cyber_Security_ProjectBen Othman
 
Small UAVs -Technology Overview
Small UAVs -Technology OverviewSmall UAVs -Technology Overview
Small UAVs -Technology OverviewJurgen Daniel
 
Securing High Value Assets from above while grappling with the cost/benefit e...
Securing High Value Assets from above while grappling with the cost/benefit e...Securing High Value Assets from above while grappling with the cost/benefit e...
Securing High Value Assets from above while grappling with the cost/benefit e...DroneSec
 
DRONES THE NEW WEAPON OF CHOICE - ALSO FOR HACKERS
DRONES THE NEW WEAPON OF CHOICE - ALSO FOR HACKERSDRONES THE NEW WEAPON OF CHOICE - ALSO FOR HACKERS
DRONES THE NEW WEAPON OF CHOICE - ALSO FOR HACKERSReputelligence
 
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...DroneSec
 
From Tracker to Jammer - Navigating Drone Defense
From Tracker to Jammer - Navigating Drone DefenseFrom Tracker to Jammer - Navigating Drone Defense
From Tracker to Jammer - Navigating Drone DefenseNovoQuad
 
UAS- Unmanned Aircraft Systems Civil & Public Application_ Presentation
UAS- Unmanned Aircraft Systems Civil & Public Application_ PresentationUAS- Unmanned Aircraft Systems Civil & Public Application_ Presentation
UAS- Unmanned Aircraft Systems Civil & Public Application_ PresentationLuis Neto
 
Prop For Std UAV in CO EM [03102016]
Prop For Std UAV in CO EM [03102016]Prop For Std UAV in CO EM [03102016]
Prop For Std UAV in CO EM [03102016]Francis Song
 
Journal of Counterterrorism & Homeland Security International .docx
Journal of Counterterrorism & Homeland Security International .docxJournal of Counterterrorism & Homeland Security International .docx
Journal of Counterterrorism & Homeland Security International .docxdonnajames55
 
Journal of Counterterrorism & Homeland Security International .docx
Journal of Counterterrorism & Homeland Security International .docxJournal of Counterterrorism & Homeland Security International .docx
Journal of Counterterrorism & Homeland Security International .docxcroysierkathey
 
Mapping with Unmanned Airborne Systems (UAS)
Mapping with Unmanned Airborne Systems (UAS)Mapping with Unmanned Airborne Systems (UAS)
Mapping with Unmanned Airborne Systems (UAS)Merrick & Company
 
Regulatory reforms for civil applications of UAVs
Regulatory reforms for civil applications of UAVsRegulatory reforms for civil applications of UAVs
Regulatory reforms for civil applications of UAVsSireesh Pallikonda
 
A TASK BASED information break down of COUNTERING UAV
A TASK BASED information break down of COUNTERING UAVA TASK BASED information break down of COUNTERING UAV
A TASK BASED information break down of COUNTERING UAVEdwin Hofte
 
The Future Of Battlefield Ma Vs
The Future Of Battlefield Ma VsThe Future Of Battlefield Ma Vs
The Future Of Battlefield Ma Vsstephen40
 
Eidws 109 communications
Eidws 109 communicationsEidws 109 communications
Eidws 109 communicationsIT2Alcorn
 

Similaire à The State of Drone Security – Analysing 1000+ drone incidents (Mike Monnik) - DroneSec GDSN#2 (20)

Counter Drone Systems Market 2022-2032 - Aviation and Defense Market Reports
Counter Drone Systems Market 2022-2032 - Aviation and Defense Market ReportsCounter Drone Systems Market 2022-2032 - Aviation and Defense Market Reports
Counter Drone Systems Market 2022-2032 - Aviation and Defense Market Reports
 
counter drone market
counter drone marketcounter drone market
counter drone market
 
CSFI_ATC_Cyber_Security_Project
CSFI_ATC_Cyber_Security_ProjectCSFI_ATC_Cyber_Security_Project
CSFI_ATC_Cyber_Security_Project
 
Small UAVs -Technology Overview
Small UAVs -Technology OverviewSmall UAVs -Technology Overview
Small UAVs -Technology Overview
 
Securing High Value Assets from above while grappling with the cost/benefit e...
Securing High Value Assets from above while grappling with the cost/benefit e...Securing High Value Assets from above while grappling with the cost/benefit e...
Securing High Value Assets from above while grappling with the cost/benefit e...
 
Military
MilitaryMilitary
Military
 
DRONES THE NEW WEAPON OF CHOICE - ALSO FOR HACKERS
DRONES THE NEW WEAPON OF CHOICE - ALSO FOR HACKERSDRONES THE NEW WEAPON OF CHOICE - ALSO FOR HACKERS
DRONES THE NEW WEAPON OF CHOICE - ALSO FOR HACKERS
 
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
The Need for Drone Forensic Investigation Standardisation (Evangelos Mantas) ...
 
From Tracker to Jammer - Navigating Drone Defense
From Tracker to Jammer - Navigating Drone DefenseFrom Tracker to Jammer - Navigating Drone Defense
From Tracker to Jammer - Navigating Drone Defense
 
Skynet Week 3 H4D Stanford 2016
Skynet Week 3 H4D Stanford 2016Skynet Week 3 H4D Stanford 2016
Skynet Week 3 H4D Stanford 2016
 
UAS- Unmanned Aircraft Systems Civil & Public Application_ Presentation
UAS- Unmanned Aircraft Systems Civil & Public Application_ PresentationUAS- Unmanned Aircraft Systems Civil & Public Application_ Presentation
UAS- Unmanned Aircraft Systems Civil & Public Application_ Presentation
 
Prop For Std UAV in CO EM [03102016]
Prop For Std UAV in CO EM [03102016]Prop For Std UAV in CO EM [03102016]
Prop For Std UAV in CO EM [03102016]
 
Drone forensics
Drone forensics Drone forensics
Drone forensics
 
Journal of Counterterrorism & Homeland Security International .docx
Journal of Counterterrorism & Homeland Security International .docxJournal of Counterterrorism & Homeland Security International .docx
Journal of Counterterrorism & Homeland Security International .docx
 
Journal of Counterterrorism & Homeland Security International .docx
Journal of Counterterrorism & Homeland Security International .docxJournal of Counterterrorism & Homeland Security International .docx
Journal of Counterterrorism & Homeland Security International .docx
 
Mapping with Unmanned Airborne Systems (UAS)
Mapping with Unmanned Airborne Systems (UAS)Mapping with Unmanned Airborne Systems (UAS)
Mapping with Unmanned Airborne Systems (UAS)
 
Regulatory reforms for civil applications of UAVs
Regulatory reforms for civil applications of UAVsRegulatory reforms for civil applications of UAVs
Regulatory reforms for civil applications of UAVs
 
A TASK BASED information break down of COUNTERING UAV
A TASK BASED information break down of COUNTERING UAVA TASK BASED information break down of COUNTERING UAV
A TASK BASED information break down of COUNTERING UAV
 
The Future Of Battlefield Ma Vs
The Future Of Battlefield Ma VsThe Future Of Battlefield Ma Vs
The Future Of Battlefield Ma Vs
 
Eidws 109 communications
Eidws 109 communicationsEidws 109 communications
Eidws 109 communications
 

Dernier

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 

Dernier (20)

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

The State of Drone Security – Analysing 1000+ drone incidents (Mike Monnik) - DroneSec GDSN#2

  • 1.
  • 2. “Let’s catch or shoot them down!” > Drones are classified as aircraft “Can we block their signal or jam them from entering our property?” > Illegal to interfere with an operating radio communications device > It is not trespass, as you don’t own your airspace “What about just detecting them….then sending the police after the operator!” > Even police have legal difficulty intercepting or tracing drones.
  • 3. We are in a time where UAV threats to critical infrastructure, the legislation governing and actions taken countering those threats with mitigation technologies, the response by law enforcement (and the technical skills needed) are not an easy answer. Most times, this just results in the finger being pointed towards physical security and the responsibility of the manufacturer. LUCAS LE BELL VICTOR VUILLARD KIM JAMES CHRISTOPHER CHURCH EVANGELOS MANTASJACOB TEWES DAVID KOVAR ULF BARTH
  • 5. Resources in the Description (SHOW MORE) ● Schedule ● Presenter Slides ● Code of Conduct DroneSec team during the event: Masumi Arefune - Event Coordinator Arison Neo - Content Moderator John Rihanna - Commercial Contact Mike Monnik - MC and Host DISCUSSION AND Q’N’A
  • 6. Global Drone Security Network #2 Aim: To be a source of authority and standards for drone security around the world. Mission: Ensure safe and secure drone operations, enabling innovation and preventing restrictions. Speakers: Drone hobbyists and/or commercialists. This event is for the future of drones not against them. Event: No one paid to speak here. No one was paid to speak here. There are no sponsors or commercial deals. All are live - no pre-recordings.
  • 7. Running Agenda (UTC+10) 19:00 - The State of Drone Security – Analysing 1000+ drone incidents by (Mike Monnik) 20:00 - Drone Security & Law Enforcement by (Christopher Church) 21:00 - Securing High Value Assets from above while grappling with the cost/benefit equation by (Kim James) 22:00 - C-UAS against Swarms by (Ulf Barth) 23:00 - Security of a drone platform by (Victor Vuillard) 24:00 - Five next-gen UAV evolutions every sensitive site should open their eyes to by (Lucas Le Bell) 01:00 - The Need for Drone Forensic Investigation Standardisation by (Evangelos Mantas) 02:00 - Counter-UAS: Legal Challenges and Solutions for Research and Development by (Jacob Tewes) 03:00 - Keynote: UAV Threats to the Oil and Gas Industry by (David Kovar)
  • 8.
  • 9. The State of Drone Security Mike Monnik Presentation Length: ~45 minutes
  • 10. Chief Technical Officer Offices: Melbourne, Sydney and Singapore Weekly UAV Threat Intelligence Newsletter MIKE MONNIK
  • 11.
  • 12.
  • 13.
  • 14.
  • 15. Core Concepts – Drone Security Protection of friendly drones against attackers Protection against rogue drones Protection of the systems that support, manage and counter drones >_
  • 17. Hobby Farming FPV Racing Make: DJI Phantom 4 Cost: $950+ Range: 3-5km @ 30mins Functionality: Video, Photos Laws & Regulations: 30m from people and buildings 120m height limit No night time flying Make: Yuneec H520 Cost: $5000+ Range: 1.5km @ 25mins Functionality: Media, thermal vision, 3D Modelling, seed sowing, Laws & Regulations: Notification and certs commercial Night time flying with approval Make: JohnnyFPV AstroX Cost: $600+ Range: 500m @ 5-10mins Functionality: Media, FPV vision Laws & Regulations: Authorised ISM bands only COTS UAS/UAV/RPAS/DRONE
  • 19. Vendor Server Approximate Location (5-10km) Hardware Information (serial #s) Mobile/Controller GPS Location Drone GPS Location Flight data (optional) NFZ codes Profile Information / Username 2.4ghzcontrollink 5.8ghzvideolink Controller Drone GPS Device/Application Internet: 4G/LTE How does a drone work?
  • 20. DroneGPS Approximate Location (5-10km) Hardware Information (serial #s) Mobile/Controller GPS Location Drone GPS Location Flight data (optional) NFZ zones Profile Information / Username Telcom Tower Fleet Management Server 4G/LTE control & video link How does an autonomous drone work?
  • 21. Device/Application (192.168.1.30) Android or iOS Vendor Application USB, Bluetooth or WiFi link Drone (192.168.1.2) OpenWRT Linux or similar Internal and External Storage 2.4ghz – 5.8ghz antennas The Drone Stack Controller (192.168.1.1) OpenWRT Linux or similar Embedded or external device 2.4ghz – 5.8ghz antennas Vendor Server (13.249.134.125) Profile, flight logs, flight data, No-Fly-Zone codes Optional: Purchases, linked accounts, country registration information
  • 22. Single Drone == Desktop PC Similarities to Cyber Security UTM System == Enterprise Network Counter-Drone System == Anti-Virus
  • 24. Remote Hijack or Permanent Denial-of-Service Bug Classes (Bug Bounty Program) $30,000 Remote Access to data or Temporary Denial-of-Service $5,000Drones and Hardware https://security.dji.com/policy Mobile Applications, Websites, Servers and Infrastructure $30,000 Hijack Drone(s), Access to User Data, Underlying issues
  • 25. Common Security Risks ● Hardcoded SSH/FTP/WiFi/Telnet passwords ● Vendor control, visibility and remote patching ● Provide more focused power/bandwidth (deauthenticate) ● Open WEP, Default/Weak WPA2 passwords ● Spoof controller commands and hijack drone control ● Prevent/lockout pilot on-board linux tools ● Privesc to extract data and video ● Hijack the video stream to the controller ● Access user purchases, pictures, video, audio ● Access user flight records and telemetry data ● Access flight controls (automated drones) Device/Application Controller Drone Vendor Server
  • 26. Misconfiguration leaking drone vision and telemetry analytics 7 2020: In Numbers - DroneSec Offensive Cyber Security (Responsible Disclosure) Total high-priority findings affecting UAS, CUAS and UTM 3 Vulnerabilities leaking customer and pilot information 1 Misconfiguration leaking police department drone purchases 1 2 Vulnerabilities resulting in access to CUAS and UTM control panels
  • 28. :NOTICE: The following slide contains images of violence and/or battlefield footage
  • 29.
  • 31. Counter-Unmanned Aircraft System Techniques (ATP 3-01.81) “Both reconnaissance and attack capabilities have matured to the point where UAS represent a significant threat to the army...” “If UAS is observed over your position, you are already compromised. Units must attempt to engage and destroy the UAS using any organic means available” US Army and Drones
  • 32. “Giant Mechanical Geese from Hell” ~ David Hambling
  • 34. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3304914 - Jacob Tewes @flyinglawyer Overview – “Drone Defense is Still Illegal”
  • 36. Contact TracingThreat Intelligence A: Investigate events, incidents and the specific information. Categorise, tag and analyse. B: Use the information to inform SOPs, compare to current results C: Refine targeting systems and feed detection information back to A. D: Continue predicting and reacting to rogue/malicious UAV with a view of apprehending/tracking operators Cross-Matching data and patterns
  • 37. UAS Threat Actor Example (Snipped) Recorded malicious drone use by member groups: Khalistan Zindabad Force (KZF) Ranjit Singh Neeta (Leader) Motivation and Goals: To conduct surveillance on security forces To conduct reconnaissance for possible areas for landing and deliveries of contraband To supply contraband to criminal groups for the conduct of acts of terror against nation states Tactics, Techniques and Procedures: Self-taught in engineering and modifying of drone parameter and hardware components Recruiting local youths and elderly to conduct a significant number of regular border flights Take-off and landing positions in close-proximity border villages and towns over Line-of-Control (LoC) Recorded Use of Drone/Equipment: Quadcopters, Multi-rotors, Fixed-Wing DJI Matrice 600, DJ Mavic 2, DJI Phantom 4 “Low-Noise” propellers Recorded Contraband/Crime: Ammunition, Explosives, Counterfeit money, Firearms (AK-47 & M4 assault rifles, M67 grenades) Communication devices (Radio devices, GPS device, batteries) Recorded Area of Operations: Kanzalwan (North western end of Jammu and Kashmir, India) Satwal Sector along LOC (Pakistan)
  • 38. Sources and Drag Net Approach 200+ Passive Sources International Aviation Authorities Academic Sources & University Agreements Pilots – Commercial and Private Airlines Commercial Partnerships Information Security Sources Newsletters and Email Lists Law Enforcement Subscribers & Community Contributions Active Sources TOR/Dark and surface web communication channels - Chat applications, Forums Proprietary aggregation software - Search Engines - Social Media - Government Sources - News and Media Live sightings and reports Counter-UAS detection feeds Keywords Base: drone, uav, uas, rpas (Other language translations) Variations: counter, anti, security, hacking, exploit, bypass Additionals: Airport, Prison, Correctional Facility, Energy Facility, Nuclear, Electricity, Power, Runway Custom: “JFK” “Tullamarine” “Michigan Stadium” “Bison Power” “
  • 39. Social Media Example Source - Social Media (Twitter) Keyword matches: - “drohne” AND “airport” Time & Date: - 16:52 June 1st Airport: - ACME (Geo-match) Database: - ACME Airport - NX1 CUAS System (News Ref: May 3rd) IMAGE IS FOR EXAMPLE PURPOSES ONLY
  • 41. 90High Priority Incidents 29Cyber Security Incidents 293Medium-Low Priority Incidents 266Whitepapers and Publications: UAV Security 2020: In numbers 11Tracked UAS Threat Actor Groups (Reoccurring)
  • 42.
  • 43. 46 Countries Involved Canada Mexico USA UK Australia France Germany 2020: Narcotics Total Narcotics incidents 23 Occurred at prisons* 17 Occurred across borders 6 Occurred in suburban areas
  • 44. 2020: Narcotics and Prisons 28% of drones seized by authorities were due to operator crashes ● Weight of payload (control or battery loss) ● BVLOS, out of range or night-time flying ● Trees or wires 25% of operators apprehended, of that 10% through drone forensics ● Most launched within <5km of the prison, from vehicles or forests ● Most used drones under 2kg Most common payloads: ● Narcotics ● SIM cards ● Shivs/Weapons ● Cash
  • 45. Canary Drones In two events, operators sent a smaller, non-payload equipped drone to fly over the prison to assess CUAS or staff response. ● This occurred both 24 hours before and just 10 minutes before ● A larger or payload equipped drone sent afterwards Pseudo-Swarm Drones In one event, operators flew three separate drones over the facility. Guards were alerted, drones continued to operate for 7 minutes. ● Only one drone is suspected of dropping the payload Anti-Forensics In some cases: Removing SD card, disabling caching, disabling RTH functions, serial information and purchasing systems and batteries 2nd hand, custom apps 2020: Narcotics and Prisons - Scenarios
  • 46. Where mitigation is not possible, detection will be key ● Detection-only systems with quick-response SOPs ● Physical security, deception techniques and netting Drone capabilities for heavy lift and carry will increase ● ~$80,000 for a 25kg lift/carry is affordable to organised crime groups ● Drone manufacturers will seek hardware and software identification ● Second-hand drone sales may see vehicle transfer registration Prisons will consider drones as Hostile Vehicle Mitigation 2020: Narcotics and Prisons Forecast
  • 47.
  • 49. 2020: Borders High number of drones seized by authorities Low due to CUAS ● Most are one-way flights ● Heavier payloads are easier to shoot with small arms fire ● Some have payloads removed Extremely low number of operators apprehended ● Most launched from border towns, extended range near borders ● Many flown by unsuspecting recruits not connected to crime ● Many drones over 2kg (more funding? different payloads?) Most common payloads: ● Narcotics ● Ammunition/explosives/weapons ● Communication devices
  • 50. Enable large operations ● Used as distractions to pull responders away from key chokepoints ● Live-stream vision across-borders to assess positions: human trafficking ● Used to guide planes to land in black-out jungle areas Camouflage and Deception ● Observed using low-profile noise reduction propellers ● Being painted sky-blue or cloud-white, lights taped over Proxy weapon of choice by military - attribution ● COTS drones have the price point and appearance of being civilian ● Capabilities allow military supplies or remote weaponisation ● Hard to determine if rogue drone was nation state, rebel or hobbyist 2020: Borders - Scenarios
  • 51. CUAS will require larger footprints ● Usual radius of detection/mitigation is 5km-10km range ● Detection features will be built into Telecommunication or Physical assets ● Careful geo-positioning to only control ‘this side of the fence’ Countries may seek border/country No-Fly-Zones ● Goefencing and Remote ID may change NFZ from airspace to per-country Borders will require hard-stop CUAS ● Compared to prison, airport and critical infrastructure incidents, border drones continue to carry weaponised or ordnance payloads. 2020: Border Forecast
  • 52. Most incidents included: 1. Battlefield (Syria, Ukraine) 2. Borders 3. Prisons 4. Sporting Stadiums 5. Emergency Services 6. Critical Infrastructure 7. Aviation/Airports 2020: A year in review and looking to 2030 Law Enforcement ● COVID19 uptik ● Emergency response ● Public Privacy Issues ● Lack of legislation for CUAS ● Lack of SOP for DFIR Cyber and Data Security ● Mobile Application Security ● Privacy from manufacturers ● UTM and C-CUAS as a target CUAS Systems ● Splitting detection and response ● Integration with UTM/UAM ● Lack of legislation for private/commercial customers ● Jamming and signal manipulation increasing Threat Intelligence ● Nationwide sharing for LE ● ADSB + ATM + UTM Integrations ● Inform CUAS product development
  • 53. End-to-end Drone Security includes many components: Manufacturers, Physical Security, Counter-UAS, Laws & Regulations, Forensics, Threat Intelligence… Working groups are required between: ● Counter-UAS ● Law Enforcement ● Aviation (ATM/UTM) ● Law makers ● Hobbyists Drones make up three quadrants • Electronic • Kinetic • Close-proximity and air-space Drones require a new joint-capability of traditional and emerging threat intelligence, risk analysis and embedded security to foster innovation and safely prevent restrictions on the industry. Summary
  • 54. THANK YOU AND WELCOME. mike.m@dronesec.com - dronesec.com Resources Notify Threat Intelligence Platform dronesec.com/pages/notify Weekly UAV Threat Intel Newsletter (free) dronesec.com/pages/dronesec-notify Slack Discussion Group dronesec.slack.com UAS Threat Actor Glossary By vetted request only: info@dronesec.com
  • 55. THANK YOU. SPEAKERS Christopher Church Kim James Ulf Barth Victor Vuillard ORGANISERS DroneSec Privasec Masumi Arefune Arison Neo Mike Monnik Lucas Le Bell Evangelos Mantas Jacob Tewes David Kovar SPECIAL MENTIONS Jill Taylor Philippe Rouin Daniel Ting All the attendees!