Hacker Hijacks a Police Drone from 2 Km Away with $40 Kit
A researcher has demonstrated how easy it is to steal high-end drones, commonly deployed by government agencies and police forces, from 2 kilometers away with the help of less than $40 worth of hardware.
The attack was developed by IBM security researcher Nils Rodday, who recently presented his findings at Black Hat Asia 2016.
Rodday explained how security vulnerabilities in a drone's radio connection could leverage an attacker (with some basic knowledge of radio communications) to hijack the $28,463 quadcopter drone with less than $40 of hardware.
Rodday discovered two security flaws in the tested drone that gave him the ability to hack the device in seconds.
First, the connection between drone's controller module, known as telemetry box, and a user’s tablet uses extremely vulnerable 'WEP' (Wired-Equivalent Privacy) encryption – a protocol long known to be 'crackable in seconds.'
This flaw could be exploited by any attacker in Wi-Fi range of 100 meters to break into that connection and send a malicious command that disconnects the drone's owner of the network.
Second, the onboard chips used for communication between that telemetry module and the drone uses an even less-secured radio protocol.
Homeland Security Warning About Ransomware
Alert (TA16-091A)
https://www.us-cert.gov/ncas/alerts/TA16-091A
Ransomware and Recent Variants
Ransomware is a type of malware that infects computer systems, restricting users’ access to the infected systems. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s systems have been locked or that the user’s files have been encrypted. Users are told that unless a ransom is paid, access will not be restored. The ransom demanded from individuals varies greatly but is frequently $200–$400 dollars and must be paid in virtual currency, such as Bitcoin.
Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.
Crypto ransomware, a malware variant that encrypts files, is spread through similar methods and has also been spread through social media, such as Web-based instant messaging applications. Additionally, newer methods of ransomware infection have been observed. For example, vulnerable Web servers have been exploited as an entry point to gain access into an organization’s network.
US-CERT recommends that users and administrators take the following preventive measures to protect their computer networks from ransomware infection:
- Employ a data backup and recovery plan for all critical information. Perform and regularly test backups to limit the impact of data or system loss and to expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
- Use application whitelisting to help prevent malicious software and unapproved programs from running. Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software.
- Keep your operating system and software up-to-date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
- Maintain up-to-date anti-virus software, and scan all software downloaded from the internet prior to executing.
- Restrict users’ ability (permissions) to install and run unwanted software applications, and apply the principle of “Least Privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
- Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, embedded code will execute the malware on the machine. For enterprises or organizations, it may be best to block email messages with attachments from suspicious sources. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams. Follow safe practices when browsing the Web. See Good Security Habitsand Safeguarding Your Data for additional details.
- Do not follow unsolicited Web links in emails. Refer to the US-CERT Security Tip on Avoiding Social Engineering and Phishing Attacks for more information.
Ransomware is quickly becoming the choice of criminals when attacking businesses.
- They can always find someone who will click on an email link or attachment
- You have to have your computer files to be able to do your work
Having your IT firm follow the steps listed above will help. Training your staff not to click on email attachments and Internet links will reduce your risk.
Your biggest risk is with
your gullible staff member.
Lack of Ransomware Awareness
Gartner analyst Avivah Litan laments that too many businesses "are not spending large amounts of resources on security and are not equipped to even understand these [ransomware] threats. These entities are not focused on fighting ransomware, so criminals' attack methods can easily stay ahead of their victims' ability to defend themselves."
And too many organizations are paying ransoms to extortionists, says cybersecurity attorney Chris Pierson, who also serves as CISO at electronic payments and invoicing provider Viewpost. "Whether due to speed, mission criticality or the lack of good backups and data proliferation, more companies are being forced to pay these days," he says.
For example, in February, Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoins to unlock data encrypted by cyberattackers. Allen Stefanek, the hospital's president and CEO, noted that his organization decided to pay the ransom because obtaining the decryption key from the attackers was "the quickest and most efficient way to restore our systems and administrative functions."
The takeaway? Protect yourself.
- Layer your defenses by installing a GOOD, HIGH-END (expensive) firewall and enable the security subscriptions
- Run an endpoint protection (antivirus) software that updates hourly
- Check the endpoint protection daily
- Scan machines nightly
- TEACH YOUR USERS NOT TO CLICK ON ATTACHMENTS OR WEB LINKS UNLESS THEY ARE CERTAIN OF THE SENDER AND ARE EXPECTING THE EMAIL.
If you need some help wading through all this, then pick up the phone and call us at 757-333-3299 x232 and we’ll set up a time to come out and chat with you about your network security.
Funnies
The problem with political jokes is they get elected.
~Henry Cate, VII~
We hang the petty thieves and appoint the great ones to public office.
~Aesop~
If we got one-tenth of what was promised to us in these State of the Union speeches, there wouldn't be any inducement to go to heaven.
~Will Rogers~
Politicians are the same all over. They promise to build a bridge even where there is no river.
~Nikita Khrushchev~
Politicians are people who, when they see light at the end of the tunnel, go out and buy some more tunnel.
~John Quinton~
Why pay money to have your family tree traced; go into politics and your opponents will do it for you.
~Author unknown~
Politics is the gentle art of getting votes from the poor and campaign funds from the rich, by promising to protect each from the other.
~Oscar Ameringer~
I offer my opponents a bargain: if they will stop telling lies about us, I will stop telling the truth about them.
~Adlai Stevenson, 1952~
A politician is a fellow who will lay down your life for his country.
~ Tex Guinan~
I have come to the conclusion that politics is too serious a matter to be left to the politicians.
~Charles de Gaulle~
Instead of giving a politician the keys to the city, it might be better to change the locks.
~Doug Larson~
There ought to be one day -- just one -- when there is open season on Congressmen.
~Will Rogers~
