Stories
Slash Boxes
Comments

SoylentNews is people

BBC’s Micro:bit Turns Out to be an Excellent Drone Hijacking Tool

posted by martyb on Monday July 31 2017, @03:10AM   Printer-friendly
from the snooping-on-a-budget dept.

Phoenix666 writes:

The BBC's Micro:bit computer board may be winning over school kids, but hackers have found its wireless capabilities and programmable nature make it an excellent tool for mischief.

In a presentation at this year's DEF CON hacking conference in Las Vegas on Friday, Damien Cauquil, senior security researcher at Econocom Digital Security, showed how the pocket-sized microcomputer could be configured to sniff out keystrokes from a wireless keyboard, and even take control of a quadcopter drone with just some nifty programming.

The Micro:bit, which costs just £12 in the UK or $15 in the US, is powered by a 16MHz 32-bit ARM Cortex-M0 CPU with 16KB of RAM and Bluetooth connectivity that, with a little Python coding, turns out to be an excellent wireless sniffer. To make matters better for hackers, it's also tiny, and thus easy to hide while doing this job.

Cauquil showed that by using publicly available software, he could program the Micro:bit to snoop on signals from a wireless keyboard using Bluetooth, and then hide it in a desk to grab sensitive info, passwords and other login details out of the air as they are typed. Admittedly, the amount of storage on the Micro:bit is pitifully small, but it's enough to hold the goodies you'd need for further mischief.

But there was also another use for the device. Cauquil attached it to a drone controller handset and used the resulting gizmo to interfere with an airborne quadcopter's control mechanisms and hijack its flight controls. In other words, you can wire a suitably programmed Micro:bit into a controller and potentially use it to take over someone else's drone.

Original Submission

 
This discussion has been archived. No new comments can be posted.
BBC’s Micro:bit Turns Out to be an Excellent Drone Hijacking Tool | Log In/Create an Account | Top | 12 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by nobu_the_bard on Monday July 31 2017, @01:59PM (1 child)

    by nobu_the_bard (6373) on Monday July 31 2017, @01:59PM (#547144)

    The security for wireless keyboards does indeed suck, and it's only fairly recently they started having encrypted connections available as options. They rarely bother to actually advertise what measures (if any) they are taking.

    Only a few years ago, I had a site where the wireless keyboards were in such density they actually interfered with one another- could end up typing on someone else's screen.

    Newer ones are supposedly better but I haven't really had the time and money to invest in figuring out if it's true.

    Here's an article from last year that talks about it; I just googled it and posted the first thing I saw:
    http://www.csoonline.com/article/3100026/hardware/many-popular-wireless-keyboards-completely-unprotected.html [csoonline.com]

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by kaszz on Monday July 31 2017, @02:50PM

    by kaszz (4211) on Monday July 31 2017, @02:50PM (#547162) Journal

    Haha, I recall when I saw these wireless keyboards at first. And my instant first thought was.. which encryption do they use? And the answer was "it's wireless".. yes but "it's wireless". Right there I got suspicious and it turned out I was right.