Search for: All records

he pervasive operation of customer drones, or small-scale unmanned aerial vehicles (UAVs), has raised serious concerns about their privacy threats to the public. In recent years, privacy invasion events caused by customer drones have been frequently reported. Given such a fact, timely detection of invading drones has become an emerging task. Existing solutions using active radar, video or acoustic sensors are usually too costly (especially for individuals) or exhibit various constraints (e.g., requiring visual line of sight). Recent research on drone detection with passive RF signals provides an opportunity for low-cost deployment of drone detectors on commodity wireless devices. However, the state of the arts in this direction rely on line-of-sight (LOS) RF signals, which makes them only work under very constrained conditions. The support of more common scenarios, i.e., non-line-of-sight (NLOS), is still missing for low-cost solutions. In this paper, we propose a novel detection system for privacy invasion caused by customer drone. Our system is featured with accurate NLOS detection with low-cost hardware (under $50). By exploring and validating the relationship between drone motions and RF signal under the NLOS condition, we find that RF signatures of drones are somewhat “amplified” by multipaths in NLOS. Based on this observation, we design a two-step solution which first classifies received RSS measurements into LOS and NLOS categories; deep learning is then used to extract the signatures and ultimately detect the drones. Our experimental results show that LOS and NLOS signals can be identified at accuracy rates of 98.4% and 96% respectively. Our drone detection rate for NLOS condition is above 97% with a system implemented using Raspberry PI 3 B+. 

Small-scale unmanned aerial vehicles (UAVs) have become an increased presence in recent years due to their decreasing price and ease of use. Similarly, ways to detect drones through easily accessible programs like WireShark have raised more potential threats, including an increase in ease of jamming and spoofing drones utilizing commercially of the shelf (COTS) equipment like software defined radio (SDR). Given these advancements, an active area of research is drone security. Recent research has focused on using a HackRF SDR to perform eavesdropping or jamming attacks; however, most have failed to show a proposed remediation. Similarly, many research papers show post analysis of communications, but seem to lack a conclusive demonstration of command manipulation. Our security assessment shows clear steps in the manipulation of a WiFi drone using the aircrack-ng suite without the need for additional equipment like a SDR. This shows that anyone with access to a computer could potentially take down a drone. Alarmingly, we found that the COTS WiFi drone in our experiment still lacked the simple security measure of a password, and were very easily able to take over the drone in a deauthorization attack. We include a proposed remediation to mitigate the preformed attack and assess the entire process using the STRIDE and DREAD models. In doing so, we demonstrate a full attack process and provide a resolution to said attack. 

When people connect to the Internet with their mobile devices, they do not often think about the security of their data; however, the prevalence of rogue access points has taken advantage of a false sense of safety in unsuspecting victims. This paper analyzes the methods an attacker would use to create rogue WiFi access points using software-defined radio (SDR). To construct a rogue access point, a few essential layers of WiFi need simulation: the physical layer, link layer, network layer, and transport layer. Radio waves carrying WiFi packets, transmitted between two Universal Software Radio Peripherals (USRPs), emulate the physical layer. The link layer consists of the connection between those same USRPs communicating directly to each other, and the network layer expands on this communication by using the network tunneling/network tapping (TUN/TAP) interfaces to tunnel IP packets between the host and the access point. Finally, the establishment of the transport layer constitutes transceiving the packets that pass through the USRPs. In the end, we found that creating a rogue access point and capturing the stream of data from a fabricated "victim" on the Internet was effective and cheap with SDRs as inexpensive as $20 USD. Our work aims to expose how a cybercriminal could carry out an attack like this in order to prevent and defend against them in the future.