Hobbico C-me - Changing SSID
Security issues
This attack results from one security issue:
- Default WiFi password.
Telnet password recovery
A classical WPA2-PSK guessing attack was carried out with the Aircrack-NG suite, which led to the discovery of the WiFi password.
Moreover, reversing the Android application reveals the password. Investigating the sources further leads to a list of possible commands that can be sent to a fly control application running on the drone. Multiple actions can be commanded this way, such as powering off, which causes a DoS.
DroneSploit module
A generic proxy class, DroneModule (see dronesploit/lib/drones/__init__.py), was made to implement command sending for drones that use a fly control application (through a TCP or UDP socket). The specifics of Hobbico's drones are implemented in HobbicoModule, which provides a format for the command to be sent.
A template proxy class, CmeModule, is implemented to hold the default configuration options.
Finally, the module is: