|
From: | Felix Ruess |
Subject: | Re: [Paparazzi-devel] Securing the Paparazzi drone |
Date: | Tue, 25 Aug 2015 10:12:08 +0200 |
ChrisThank you for your advicethe whole idea of the AR Drone, is more to start learning in that platform to start and then move into Paparazzi feet firstPaparazzi running on linux, is on ubuntu, so i am thinking that i should make the switch to Debian and learn a little more.one book that I have been looking at is thisDavidI have been using fedora linux for 4 years now(just using it on my desktop machine), but I am no admin, I know my way around: to update, to troubleshoot drivers issues and basic stuff and I get things doneExploring BeagleBone: Tools and Techniques for Building with Embedded Linux
http://www.amazon.com/Exploring-BeagleBone-Techniques-Building-Embedded/dp/1118935128/ref=sr_1_2?ie=UTF8&qid=1440453381&sr=8-2&keywords=embedded+linuxOn Mon, Aug 24, 2015 at 6:45 PM, David Conger <address@hidden> wrote:Hello,
I learned Linux back in 1994 so back then you had to find information
online or magazines. since then I have worked on many production
projects using Linux and along the way I have observed and integrated
"best practices" that most certainly are shared online under a search
for "ssh linux security best practices". I do not mind sharing what I
know but worry it's common knowledge or unwanted so if you are more
specific I can be more specific.
I do not know your experience level with Linux to suggest any "best"
reading. I often simply look to the Internet now for the latest
information. Things change quickly. The Linux on ARDrone is still
"Linux" fundamentally.
Good news. On my BeBop it was easy to find the IP but connecting as
root no password failed so I am encouraged (a good thing) by that.
--
On 8/24/15, dr3n3al labs <address@hidden> wrote:
> David
> Thank you for the email explaining everything, question, i am new in the
> group and i am looking into get an AR Drone for research (based on a course
> done at TU Munich) would you recommend any book about embedded Linux that i
> should read to really understand whats going on inside of the ARDrone?
>
> Thanks
> Chris
>
> On Mon, Aug 24, 2015 at 5:08 PM, David Conger <address@hidden>
> wrote:
>
>> I have mentioned security in the past. I remember making an ARDrone
>> fall from the sky in a part in Toulouse from my iPhone as a
>> demonstration these drones are too insecure...sorry guys for that I
>> made sure it was only a few feet from the grass before pressing enter
>> :]
>> Three years later at BlackHat a much more public demonstration of the
>> same got a lot of attention. I was surprised this gaping security hole
>> still exists. Open root access to a flying robot???
>> I propose a simple fix I do all the time to any Linux system I work with:
>> 1. exchange ssh keys
>> 2. disable password login completely for every account
>> 3. disable root login, do not use root at all (sudo) and monitor root
>> access of any kind
>> Has anyone considered simply exchanging id_rsa.pub files, disable
>> password login, the simple things are often the best. For any server I
>> manage there are no password logins or root logins allowed ever. They
>> key can be generated somewhere else and if the right files are
>> exchanged it works fine. cfengine can easily mass setup systems (read
>> drones at the factory) with security in place before shipping to
>> eliminate sending them out all open to the world for root. So easy to
>> do pls consider it vendors.
>> Paparazzi is not nearly as insecure from ENAC. Smart minds enabled a
>> HASH "key" exchanged at compile so the drone refuses messages without
>> the proper key. Now however we are running Paparazzi on less secure
>> platforms so it is time to address security again.
>>
>> As Parrot uses Linux and it should be trivial to implement ssh key
>> exchanges at the factory using automation (cfengine is nice). I have
>> setup cfengine scripts to build entire Oracle RAC clusters from bare
>> metal so I know what goes on the ARDrone is easily doable this way.
>>
>> Initial drone security (also Skycontroller) would be the 3 steps
>> given. Now with keys in place your programmers on the ground can
>> interact with the drone without sending any passwords over the air and
>> with sudo all steps required can be done, safely.
>>
>> Is there anyone with questions? If so just ask I'm glad to help. I
>> have already seen one video where someone uses aircrack-ng to send a
>> WiFi deauth packet then connects and takes over control of the drone
>> using automated scripts from a flying Raspberry Pi with Wifi. Trivial
>> to do really but sadly it's so trivial to do. Let's fix this together!
>>
>> -David
>>
>> _______________________________________________
>> Paparazzi-devel mailing list
>> address@hidden
>> https://lists.nongnu.org/mailman/listinfo/paparazzi-devel
>>
>
address@hidden
http://www.ppzuav.com
_______________________________________________
Paparazzi-devel mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/paparazzi-devel
_______________________________________________
Paparazzi-devel mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/paparazzi-devel
[Prev in Thread] | Current Thread | [Next in Thread] |