unmanned aerial vehicles | Breaking Cybersecurity News | The Hacker News

A researcher has demonstrated how easy it is to steal high-end drones, commonly deployed by government agencies and police forces, from 2 kilometres away with the help of less than $40 worth of hardware . The attack was developed by IBM security researcher Nils Rodday, who recently presented his findings at Black Hat Asia 2016. Hacking the $28,463 Drone with Less than $40 of Hardware Rodday explained how security vulnerabilities in a drone's radio connection could leverage an attacker ( with some basic knowledge of radio communications ) to hijack the US$28,463 quadcopters with less than $40 of hardware. Rodday discovered ( PPT ) two security flaws in the tested drone that gave him the ability to hack the device in seconds. First, the connection between drone's controller module, known as telemetry box, and a user's tablet uses extremely vulnerable ' WEP ' ( Wired-Equivalent Privacy ) encryption – a protocol long known to be 'crackable in sec...

The leaked internal emails from the Italian surveillance software company Hacking Team have revealed that the spyware company developed a robotic aircraft designed to attack computers and smartphone devices through Wi-Fi networks. Over a year ago, some security researchers developed a drone called ' Snoopy ' that was capable to intercept data from users' Smartphones through spoofed wireless networks. Now, the email conversations posted on WikiLeaks website reveal that both Boeing and Hacking Team want unmanned aerial vehicles (UAVS) called Drones to carry out attacks that inject spyware into target computers or mobile phones via WiFi. After attending the International Defense Exposition and Conference (IDEX) in Abu Dhabi in February 2015, the U.S. drone company Boeing subsidiary Insitu become interested in using surveillance drones to deliver Hacking Team's Remote Control System Galileo for even more surveillance. Among the emails, co-founder Ma...

Do you know, apart from United States National Security Agency (NSA) , Federal Bureau of Investigation (FBI) and law enforcement, a few advertising companies are also monitoring unsuspecting users' cell phone data with the help of the unmanned aerial vehicles (UAVS) called Drones. Yes it's True! A Singapore-based advertising firm AdNear , which described itself as "the leading location intelligence platform," is using a number of small drones flying around the San Fernando Valley in Los Angeles since early February in order to track Wi-Fi and cellular transmission signals. ADNEAR DRONES TRACKS YOU EVERYWHERE The drones have ability to sniff out device' cellular or wireless Internet signals, which is then identify by device ID. Using this gathered information, the drones track each and every movements and behaviors of individual users. Generally, the reason behind spying on people's cell phone signals is the company's interest to deliver hyper-targe...

Not every security vulnerability is high risk on its own - but in the hands of an advanced attacker, even small weaknesses can escalate into major breaches. These five real vulnerabilities, uncovered by Intruder's bug-hunting team, reveal how attackers turn overlooked flaws into serious security incidents. 1. Stealing AWS Credentials with a Redirect Server-Side Request Forgery (SSRF) is a common vulnerability that can have a significant impact, especially in cloud-hosted applications. If a web application fetches resources from user-supplied URLs, care should be taken to ensure attackers can't manipulate requests to access unintended resources. While assessing a home-moving app running in AWS, our team tested common SSRF bypass techniques. The attack chain was as follows: the app sent a webhook request to the attacker's web server, which responded with a 302 redirect to AWS's metadata service. The app followed the redirect and logged the response, which exposed sensitive metadat...