A look at some advanced research on drone attacks by Jeff Thomas and Xi Chen.
- [Narrator] Two security researchers in Australia,…Jeff Thomas and Xi Chen,…have enhanced the original Kamkar attack…on the control channel, and have provided demonstrations…of two additional attacks, one on the video stream,…and one on the telemetry link.…These were demonstrated at the CivSec conference…in Melbourne in June 2016.…In their enhanced drone hijack attack,…Jeff Thomas and Xi Chen are able to connect…through the Parrot's Telnet channel,…using the drone's IP address, which is always 192.168.1.1…on port 23, and establish a second user on the drone.…
They then add an iptables rule,…to stop all but their IP address being accepted,…thereby disconnecting the original user permanently.…The drone is then controlled by their laptop,…using application code written…using the Robot Operating System.…In their second attack, they hijack the video stream…by using Aircrack-ng to monitor packets,…and capture those on port 5555 into a .pcap file.…The raw data for the whole conversation is then extracted…using Wireshark and saved into a .dat file,…
This course teaches you what session hijacking is, and how black-hat hackers use it to attack an organization. Learn how TCP, web, and wireless protocols work and how hackers exploit them. Find out how to use built-in Windows and Linux tools, as well as specialized third-party solutions such as Zed Attack Proxy (ZAP) and Cain, to detect and shore up vulnerabilities. Author and cybersecurity expert Malcolm Shore also discusses remote hijacking, which allows hackers to take control of drones or even vehicles.
Note: This course maps to the Session Hijacking domain of the Certified Ethical Hacking exam. Review the exam objectives at the EC-Council's website.
- Hijacking a network session, such as a Telnet session
- Understand web sessions
- Intercepting sessions via man-in-the-middle or man-in-the-browser attacks
- Downgrading a session by stripping SSL
- Using ARP poisoning through Subterfuge
- Hijacking an HTTP session through cookies
- Using hijacking defense tools: Zed Attack Proxy and Cain
- Service hijacking (DNS and SSH)
- Hijacking in the physical world: cars and drones