WTF DJI, UAV CTF?! - A hacker's view at commercial drone security
08-18, 16:00–16:45 (Europe/Berlin), Milliways
Language: English

We'll take a look at how DJI - dominating player for commercial and recreational drones - builds their software, specifically from a security angle.

This talk will discuss DJI drones, most specifically the DJI Mini-series; looking at the hardware, discussing attack angles, up to a full compromise of a current drone for custom firmware purposes.

Along the way, we'll look at a lot of security WTFs that allow to pwn these devices. The amount and quality of bugs sometimes feel like you're trapped in a very cool hardware CTF.

We'll go from sniffing hardware busses, making fun of incorrect usage of SoC security features over to how DJI consistently and knowingly violates the GPL, into executing custom code on the flight controller and Linux system.

Content Notes

This is a very technical talk with a lot of content. In fact, it's so much content that its' very difficult to present a consistent "start-to-end" story, but rather I'll present some of this content in a "jeopardy"-style with categories like "Bootloader Exploit", "Hardware Sniffing", "Shell exploitation", "RF Signal" etc.; somewhat mimicking a CTF, but talking about very real bugs that have been shipped (or are still being shipped).

I'll start with a very little of context around "why do drones need security at all", also in the context of the Russo-Ukrainian war, but I'm trying to keep this technical otherwise.