Ryan Satterfield of the security consulting firm Planet Zuda demonstrated the security flaw in the drone from Parrot in a presentation at Def Con in Las Vegas. Satterfield stated that the hacking can be done by exploiting the Parrot A.R. drone’s built-in Wi-Fi and an open telnet port on the drone’s implementation of the BusyBox real-time operating system. In the demonstration, Satterfield was successful in getting root access to the controller, and killing the processes controlling flight—causing the drone to drop to the ground.
What is alarming is that the procedure is does not require any sophisticated tools or expert knowledge. One of Parrot drones particularly vulnerable to attacks is the Bebop model. This was demonstrated on August 9, in another session at Def Con, by security researcher Michael Robinson, an adjunct professor and security analyst at Stevenson University in Maryland and George Mason University in Northern Virginia. He presented his research on the Bebop drone in a session entitled “Knocking My Neighbor’s Kid’s Cruddy Drone Offline.” Robinson explained that because of the open Wi-Fi connection, anyone who has installed free Parrot app on his mobile device can pair with the drone in-flight. Like Satterfield, Robinson found that there was an open telnet port on the Bebop. This open telnet port can be exploited by hackers to take over the Bebop drone. He said that killing flight processes didn’t just make the Bebop drop to the ground, however—in an indoor test, Robinson said the drone suddenly lurched off like a projectile as it ungracefully shut down, slamming into a kitchen appliance.