Remotely Disconnecting Bebop Drone pilot exploit As seen on ZDF

  1. Last year we ran into an issue when recording Smarter Living for ZDF when they gave us a drone we hadn’t hacked before which was the bebop 1. It took half an hour to find a vulnerability and exploit the bebop drone. while it isn’t a  fancy exploit it got the job done. Parrot had tried to put a patch in place for the bebop drone to stop people from accessing telnet, however you could still send request to telnet. We sent a bunch of telnet requests to the drone while it was flying and remotely disconnected the user from being able to control the drone. Instead of the drone crashing no one had control of the drone and it was doing whatever it wanted requiring the director and I to grab it out of the sky.

While we have a ton more of drone vulnerabilities that we spoke about at bsides LA, we won’t be releasing them today.  We went all the way down to a binary analysis, which was quite interesting and may make publicly available.

Leave a Reply

Your email address will not be published. Required fields are marked *