20 Hack our Drone was the intriguing title of a workshop held at the most recent Xponential, which took place in San Diego in May. Leading the well-attended session was Ronald Broberg, penetration tester at cybersecurity company Dark Wolf Solutions. With the aid of several colleagues, he guided a class of aspiring youngsters through the process of hacking a small quadcopter. The existence of the hacking class naturally raises the question of why such an ostensibly nefarious activity should be taught. “Primarily, I hope to raise awareness among UAS product engineers of how cybersecurity testing is done, and why they need to become more aware of cybersecurity design, implementation, testing and maintenance,” Broberg says. “My second purpose is to help raise awareness among the cybersecurity community of how freaking awesome this field is with the intersection of Linux, IoT [Internet of Things], mobile and wireless security domains.” From satellites to UAVs Broberg’s journey into cybersecurity began when he was a programmer at Lockheed Martin (LM), where he worked on space systems, followed by building research and development systems using Linux. He then moved into supporting integrated command-and-control (C2) testbeds, subsequently supporting those C2 systems at both the endpoint and network level. Broberg’s involvement with uncrewed systems came through his work on satellites. “My last two years with Lockheed Martin involved developing new test approaches for securing satellite systems. When I moved from LM to Dark Wolf Solutions, there was a striking similarity between the system architectures, even while the implementation on drones was vastly different,” he explains. Dark Wolf has performed security assessments of 30 UAS from more than a dozen manufacturers as part of cybersecurity evaluations requested by those companies, in the process, building a picture of where they tend to have weaknesses. “Unfortunately, the most common vulnerabilities are fairly well-understood weaknesses in poorly configured IoT systems, such as weak passwords, excessive user privileges, and unencrypted sensitive data in logs and configurations,” Broberg says. “These are usually seen in those UAS start-ups that haven’t really thought about the security of their systems and have focused on getting to market. Unfortunately again, designing security into the system after the initial Dark Wolf Solutions’ Ronald Broberg talks cybersecurity and the importance of hacking lessons to Peter Donaldson Cyber sense October/November 2024 | Uncrewed Systems Technology Would-be drone hackers (penetration testers) use the tools in Kali Linux to analyse a small quadcopter’s Beaglebone Blue single-board computer for vulnerabilities (Image courtesy of Dark Wolf Solutions)
RkJQdWJsaXNoZXIy MjI2Mzk4