Pilsen, Czech Republic—July 16, 2015: Drone quadrocopter DJI Phantom 3 Professional with high resolution digital camera. (Photo: Kletr via Shutterstock)

The U.S. Army banned the use of drones made by the Chinese company DJI last week, apparently in response to the load of hackable data the machines collect and store.

This morning, a University of New Haven team demonstrates exactly how such common consumer drones can be accessed through digital forensics, in first-of-its-kind research.

The school’s Cyber Forensics Research and Education Group is presenting a new open-source tool to access the DJI Phantom III at the 17th annual DFRWS Digital Forensics Research Conference in Austin, Texas, this morning, according to the schedule.

“While much work has been conducted with regards to security of drones, little work has been published with regards to the forensic analysis of drones,” the team argues in its presentation and paper. “As these devices continue to grow in capabilities it will become necessary to have a forensic method for acquisition and analysis grounded by science and robust testing.”

The paper, authored by Devon R. Clark, Christopher Meffert, Ibrahim Baggili, and Frank Breitinger, was provided to Forensic Magazine by the team.

The drone's data can be accessed with the DRone Open source Parser, or DROP. The DAT and TXT files, which are encrypted and encoded on the machines, can in turn provide data including GPS locations, battery power, flight time and other information.

The team performed a factory reset on the drone, then flew the machine all over the campus grounds in Connecticut. They then took a physical image of the 64 GB external SD card, before putting it into a Cellebrite write blocker.

Using the template of the two types of data they downloaded from the machine, they created a command-line forensic tool in Python 3.4: the DROP tool.

Locations, times, tracking and other data were all available within the translated code, they conclude.

“We provide the first account, tool, and method for being able to correlate data extracted from the drone’s non-volatile internal storage and the mobile drive used to control it,” they conclude.

DJI accounted for about half of the U.S. drone market as of last year. Although the New Haven work only outlines the forensic analysis of the DJI Phantom III, since the work is “tedious and requires plenty of reverse engineering,” it could provide a foundation for other machines, the cyber forensic team writes.

“While we dive deep into the DJI Phantom III, we argue that this is a good start given that DJI currently holds the highest market share in the drone market, and the fact that their drones have already been used by terrorism groups such as (the Islamic State),” they write.

Indeed, the Islamic State has used similar drones for surveillance purposes—and in one case successfully used one to kill with rigged explosives.

The applications of drone forensics include proving invasion-of-privacy cases, as well as the potential weaponized attacks of the future, they add.

Another New Haven team, also involving Baggili and Breitinger, presented a separate paper at the DFRWS conference this morning, on the forensic investigation of programmable logic controllers (PLCs), which are a common target for cyberattacks.