
Serious Security Problems with the ALL Bebops 2022

parrotanafifan

Well-known member
Joined
Aug 14, 2019
Messages
359
Reaction score
50
Location
U.S.A.
Both the Bebop 1 and 2 can be disconnected/deauthed while you fly by anyone with the aircrack program :(
This means loss of ALL control while flying, and it will not RTH.
Having WPA2 on makes no difference.

I wish this would get fixed.
 

Assemblybhz

Active member
Joined
Aug 7, 2022
Messages
26
Reaction score
8
I’m not worried at all; normally drones don’t bother to encrypt data anyway. Analog video @ 5.8 GHz or radio data protocols like FrSky D8 or D16, FlySky AFHDS or even ExpressLRS are much less secure and much easier to hack than that, and no serious problems have been found about this for the last 20 years. If you really care about security, don’t fly a 9-year-old drone; go instead after more secure radio links like OcuSync 2.0 or better.
I know people who have flown the Bebop for years with no Wi-Fi password at all and never had any problems.
 

mikeexplorer

Well-known member
Joined
Nov 22, 2019
Messages
265
Reaction score
44
Location
Scranton, PA
Website
www.nepaview.com
Unlikely there would be an update for it since the drone has been discontinued for some time now. I have never had a problem with it and still fly it. Still works for me.
 

parrotanafifan

^ Nope. The problem is the wifi, and there is no fixable patch because the larger problem is WPA2 itself.

Look at the 3rd PDF I posted from Johns Hopkins University on page 9 about BB2, lots of security holes.
 

parrotanafifan

UPDATE:

Took the drones to a paid service to get it tested for penetration and was shocked and saddened.

BB1, BB2, BB2 Power, Sky Controller 2 and Sky Controller 2P were all knocked offline. SC2 was successfully disconnected on all the drones, not good. Even tested without SC2, phone to drone, and that was disconnected as well, with no way of reconnecting.

The testers told me a big problem for the Bebops was that the wifi routers did not support Protected Management Frames (PMF). If there is an option to enable it in telnet I would like to know. I know nothing short of replacing the Broadcom - 2 stream wifi module.

Anafi did not fail any tests.
 

Boggy B

Member
Joined
Oct 31, 2022
Messages
5
Reaction score
1
Location
CO
Considering the Bebop 2 is pretty much impossible to fly in places with a ton of wifi noise anyway, who cares?
I leave mine open with just MAC restrictions for my devices, which won't protect against de-auth, but I'm generally miles away from other people much less populated areas where I fly.
 

Boggy B

Anyone who can figure out how to sniff and spoof a MAC can figure out how to de-auth, so your security margin with a password is pretty much nil.
 

parrotanafifan

> Anyone who can figure out how to sniff and spoof a MAC can figure out how to de-auth, so your security margin with a password is pretty much nil.

Why would it be nil with a WPA2 password? What would MAC spoofing do to the drone? Capture the handshake?

Also, if you try MAC filtering following the guide steps with the drone, it bricks it. I tried it and was unable to connect to any devices that I allowed via MAC filtering, and bricked it months ago.

Pretty much this problem only exists in a spot that you fly at often, that is observed by others (park, backyard, flying site you go to every time), and not really if you fly at an odd location or in the country.
 

Boggy B

De-auth works by simulating disconnect initiated by the client, using its MAC.
MAC filtering works just fine on my Bebops.
But you're right, if you fly your drone a lot in the same area and are observed by technically-inclined individuals, your drone may be targeted by these types of attacks. Still, the Bebop 2 will attempt to land gracefully when the battery drops below whatever threshold, so as long as you're not over water (or maybe tall trees), you'll still be fine.
 

parrotanafifan

> MAC filtering works just fine on my Bebops.

On Bebop 1 I followed the guide and could not connect to it with filtering set up on any of the approved or non-approved devices, and a reset doesn't overwrite that, leading to a brick. How did you get around it?

Yeah don't give people bad info and leave bops open, anyone then can ftp and telnet in and really mess up stuff that resets won't fix. Really, you want wpa2 on!
 

Boggy B

I said open with MAC restrictions. Again, your concerns are overblown. Bad actors aren't going to waste their energy on your $150 drone. Do secure your home wifi, though.

For MAC filtering, here's the note I wrote for myself (based on the hacking guide). This has worked on 4 different Bebop 2's:
1. Press the power button 4 times to enable the adb server.
2. Connect to the drone's wifi.
3. Connect to the adb server, remount the file system, and edit the wifi config:
Code:
   adb connect 192.168.42.1:9050
   adb shell
   mount -o remount,rw /
   vi /sbin/broadcom_setup.sh
4. Insert the following lines after the line containing `bcmwl sgi_tx 0`:
Code:
   bcmwl mac A1:B2:C3:D4:E5:F6 1A:2B:3C:4D:5E:6F
   bcmwl macmode 2
Save the file. Spoof to connect if devices are lost.
 

parrotanafifan

If you leave your wifi open, FTP and telnet are available, something no one wants open; one less crash mitigation. You must know that, Boggy? But that's you and your drone, take care now.
 

parrotanafifan

Going back to my post (#9). Has anyone figured out how to enable 802.11w PMF on the Bops? I believe it has to be done in broadcom_setup.sh but don't know how to enable it. I do believe the radio chip supports it (the amendment was about 6 years before Bop 1 came out). If Parrot could put out a patch on FreeFlight Pro to enable/toggle it on with Bebop 1 and 2, I would appreciate it.

This alone would solve many disconnects people have in urban environments.
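
An access point advertises PMF (802.11w) support in the RSN Capabilities field of its beacons, so the setting asked about in the posts above (#9 and this one) can be checked from a capture. The following is an added example, not part of the original thread: a Python sketch that reads the MFPC/MFPR bits from a beacon's tagged parameters; `sample_ies` and the SSID `drone-ap` are constructed for illustration.

```python
import struct

RSN_ELEMENT_ID = 48   # RSN information element ID (IEEE 802.11)
MFPR = 0x0040         # RSN Capabilities bit 6: management frame protection required
MFPC = 0x0080         # RSN Capabilities bit 7: management frame protection capable


def find_rsn(ies: bytes):
    """Walk a beacon's tagged parameters; return the RSN element body or None."""
    pos = 0
    while pos + 2 <= len(ies):
        eid, length = ies[pos], ies[pos + 1]
        body = ies[pos + 2:pos + 2 + length]
        if len(body) < length:
            return None   # truncated element: stop rather than guess
        if eid == RSN_ELEMENT_ID:
            return body
        pos += 2 + length
    return None


def pmf_status(ies: bytes) -> str:
    """Return 'no-rsn', 'pmf-unsupported', 'pmf-optional' or 'pmf-required'."""
    rsn = find_rsn(ies)
    if rsn is None:
        return "no-rsn"   # open network or pre-WPA2: nothing to carry PMF
    try:
        pos = 2 + 4       # skip version and group data cipher suite
        (n_pairwise,) = struct.unpack_from("<H", rsn, pos)
        pos += 2 + 4 * n_pairwise
        (n_akm,) = struct.unpack_from("<H", rsn, pos)
        pos += 2 + 4 * n_akm
        (caps,) = struct.unpack_from("<H", rsn, pos)
    except struct.error:
        caps = 0          # capabilities field omitted: bits read as zero
    if caps & MFPR:
        return "pmf-required"
    return "pmf-optional" if caps & MFPC else "pmf-unsupported"


def sample_ies(caps: int) -> bytes:
    """Constructed beacon parameters: SSID 'drone-ap' plus a WPA2-PSK/CCMP RSN element."""
    ccmp, psk = bytes.fromhex("000fac04"), bytes.fromhex("000fac02")
    rsn = (struct.pack("<H", 1) + ccmp + struct.pack("<H", 1) + ccmp
           + struct.pack("<H", 1) + psk + struct.pack("<H", caps))
    return b"\x00\x08drone-ap" + bytes([RSN_ELEMENT_ID, len(rsn)]) + rsn
```

A result of `pmf-unsupported` means the access point neither offers nor requires protected management frames, so deauthentication frames are accepted without authentication even when WPA2 is on.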
 