A security researcher demonstrated how to use a pocket-sized microcomputer BBC’s Micro:bit to take control of a quadcopter drone.
In a talk at the at year’s DEF CON hacking conference in Las Vegas, Damien Cauquil, a security researcher at Econocom Digital Security, demonstrated how to use a pocket-sized microcomputer such BBC’s Micro:bit to sniff out keystrokes from a wireless keyboard or and even take control of a quadcopter drone.
The Micro:bit is an ARM-based embedded system designed by the BBC for use in computer education in the UK. It is powered by a 16MHz 32-bit ARM Cortex-M0 CPU with 16KB of RAM and Bluetooth connectivity, the expert showed that with a few line of Python coding it is possible to use it as a wireless sniffer.
The Micro:bit is very cheap, it goes just £12, and Cauquil showed how to use publicly available software to snoop on signals from a wireless keyboard via Bluetooth.
The small size of such kind of device makes it is possible to hide it in a desk to sniff sensitive info typed by victims, such as passwords and login credentials.
One of the most intriguing uses showed by the expert is the hack of drone. Cauquil attached the tiny micro computer to a drone controller handset and hijack the flight controls.
“It took us a few months to hack into the Micro:Bit firmware and turn it into a powerful attack tool able to sniff keystrokes from wireless keyboards or to hijack and take complete control of quadcopters during flight.” reads the talk description. “We also developed many tools allowing security researchers to interact with proprietary 2.4GHz protocols, such as an improved sniffer inspired by the mousejack tools designed by Bastille. We will release the source code of our firmware and related tools during the conference.”
Cauquil explained that occasionally latency issues would cause the Micro:bit to lose its connection with the drone, but he is sure that Micro:Bit will become a nifty platform to create portable RF hacking tools.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.