Dahua Video Recorders and Cameras affected by a serious flaw. Is it a backdoor? Wikileaks CIA Files – What this means for Internet security and encryption Serious flaws in Western Digital My Cloud NAS devices allow attackers to fully control them WikiLeaks releases documents detailing CIA hacking tools and capabilities WordPress 4.7.3 is out to fix 6 security issues, but CSRF flaw remains unpatched The 1.4 Billion records recently leaked come from the DB of the World’s Biggest Spam Networks Lizard Squad claims to have brought down both Facebook and Instagram Both social network platforms Facebook and Instagram went down on Tuesday while Lizard Squad hacking team claims responsibility...If you would like to downgrade, upgrade, or re-install firmware you can do so at your own risk by using these files and instructions. Download the version you want below. (Don’t change the filename.) Power up your AR. Connect your computer to the AR.

Open a telnet session to 192.168.1.1 type the following:  echo “1.1.1″ > /firmware/version.txt type the following:  echo “1.1.1″ > /update/version.txt Connect an FTP client to 192.168.1.1 Port: 5551 Upload the downloaded plf file to the FTP server (AR. Disconnect your computer from the AR. Disconnect the battery from the AR. Wait (about 5 minutes while the upgrade completes) Upgrade, downgrade, and re-install are all done using the same procedure as seen in the video below. Any FTP client will work. We use and recommend Cyberduck which is available here: http://cyberduck.ch/ The procedure for Windows is similar, the only difference is the method used to connect to the AR.Drone network and the method used to telnet. Small unmanned aerial vehicles (UAVs), often referred to collectively as “drones” are all the rage right now. From delivering packages for Amazon to crashing on the White House lawn, it seems every week there is some new debate about the usefulness and potential danger of the widespread availability of what was once a technology limited primarily to the military.

Questions as to the safety and security of what essentially boils down to a flying computer is unlikely to abate with the news that security researcher Rahul Sasi has developed what he claims to be the world’s first drone malware: Maldrone.parrot ar drone in lebanon The full details of Sasi’s research won’t be revealed until nullcon in February, but he’s already put a demonstration video up on YouTube and described the general idea on his blog. parrot ar drone lost signalWhile there are still some unanswered questions, what Sasi has already shown is enough to call into question how secure some of these consumer-level “drones” really are.ar drone parrot prezzo For his research Sasi targeted the AR.parrot ar drone flat trim

Drone, manufactured by Parrot, a Linux powered drone that users can control with their smartphone or tablet over WiFi. parrot ar drone javaIn his demonstration, Sasi shows a Python script (drone_expoit.py) which uploads a payload to the AR.ar drone 2 anleitungDrone over the local WiFi network, to which the drone responds a few seconds later with a reverse shell connection. Sasi’s software then demonstrates running some standard Linux commands on the drone’s onboard computer, which in this case simply returns the version of Linux it’s running, but could just as easily report data from the drone’s sensors back to the attacker. Finally, the malware shuts off the drone’s autopilot system, causing it to drop out of the sky like a brick. This demonstration is simply a teaser for Sasi’s larger reveal, but it proves there is real potential to turn these drones against their masters.

With the number of sensors onboard these vehicles (GPS, camera, WiFi radio, etc), they could be used for remote surveillance without the legitimate operators knowledge, or simply stolen from the owner by commanding the drone to fly back to the attacker’s location. One big issue not fully addressed in the demonstration video or the accompanying blog post is whether this exploit can be performed remotely on a stock-firmware AR.Drone, or if the drone in the demonstration has already been compromised by way of a modified firmware. Obviously, the attack is much more potent if it works on the out of the box drone, so the answer to that question will go a long way to prove Maldrone as a valid threat.Drone line is no stranger to security audits. In 2013, Parrot’s AR.Drone 2 (an enhanced version of the one Sasi is working with) was used in Samy Kamkar’s SkyJack. Kamkar strapped a Raspberry Pi and Alfa AWUS036H onto the AR.Drone 2, and loaded with his software it was able to knock other drone operators off of the WiFi network.

With the legitimate user’s smartphone or tablet off the network, Skyjack was able to establish a new connection and remotely command the drone. The reason the AR.Drone has been targeted in both of these demonstrations is pretty simple; rather than using a custom radio communication protocol like more advanced remote controlled vehicles, Parrot chose to simply go with standard WiFi. This means the AR.Drone is susceptible to a lot of the traditional WiFi tools and exploits, making it a much easier target. That also means that security vulnerabilities in the AR.Drone’s control systems aren’t necessarily indicative of problems with drones technology in general. That said, increased scrutiny of drone security is coming. The impressive computational power and suite of sensors required to keep one of these vehicles in the air is simply too tempting of a target to be ignored for long, especially as commercialized drone services (such as package delivery) start becoming mainstream.