DARPA unveils “Hack Proof” Mini-Quad Copter

DARPA’s has unveiled a “hack proof” UAV that demonstrated that a non-compromisable drone could be developed.

The mini-quadcopter is the creation of their High-Assurance Cyber Military Systems (HACMS) program, and one of many DARPA devices displayed to the Pentagon on Wednesday according to DefenseTech.

There are numerous reports of drones malfunctioning or possibly even hacked by attacking their GPS guidance system.

Basically DARPA understands the risks of Drones being hacked or mission compromised and is looking for new ways to protect these valuable assets.

Enter DARPA’s HACMS (Hack-ems? Hack MS?? Gotta love government acronyms) division. According to DARPA’s website, “The goal of the HACMS program is to create technology for the construction of high-assurance cyber-physical systems, where high assurance is defined to mean functionally correct and satisfying appropriate safety and security properties.

And in this case, DARPA unveiled a hardened software system and pared it with a mini-Quad copter to see if they could create a non-hackable platform.

The software is designed to make sure a hacker cannot take over control of a UAS. The software is mathematically proven to be invulnerable to large classes of attack,” Kathleen Fischer, HACMS program manager said.

Of course all in the cyber security realm will scoff at the idea of being “unhackable”, but in it’s defense, the mini-copter was able to hold off a “Red Team” – a group of hackers that pretend to be bad guys and test systems looking for holes.

The control software wasn’t necessarily created with mini-UAV’s in mind, but larger military grade drone platforms. And that is not all, in the future it may not just be used for drones.

Soon you may see this same tech released as an Open Source project and used to create hardened network routers and even possibly solve security problems associated with BYOD or employees bringing in their mobile wireless devices for network connectivity.

Pretty impressive indeed!

Help Improve Security by Playing Video Games made by DARPA

DARPA Verigames

The Defense Advanced Research Projects Agency (DARPA) recently announced a new project to use video games to help test computer software for security vulnerabilities.

The military and government use a lot of Commercial Off-the-Shelf (COTS) applications, and they need to go through a formal verification process to make sure they are free of security issues.

DARPA’s Crowd Sourced Formal Verification (CSFV) has created several games to try to make the process fast, easy and fun:

“We’re seeing if we can take really hard math problems and map them onto interesting, attractive puzzle games that online players will solve for fun,” said Drew Dean, DARPA program manager. “By leveraging players’ intelligence and ingenuity on a broad scale, we hope to reduce security analysts’ workloads and fundamentally improve the availability of formal verification.”

The five games: CircuitBot, Flow Jam, Ghost Map, StormBound, Xylem are available on Verigames.com.

I took CircuitBot for a spin and found it mildly entertaining. The game walks you through a how-to-play tutorial to get you up to speed. The tasks seem pretty scripted, but the graphics were pretty good and it did feel like you were playing a turned based builder game.

circuitbot

I think it is a great idea to turn mundane complicated tasks into a crowd sourced game.

Honestly my only concern about the project is how willing citizens will be to installing government code on their systems, especially with all the NSA spying that has been revealed.

US Military Robotics take some Big Strides this Week

I love military hardware and history. Some big news came out this week on advancements in robotics and drone warfare.  This week an aerial drone successfully landed on an aircraft carrier for the first time and and America’s most advanced human looking robot was revealed.

Drone and robot use has increased dramatically and will be a major force in our military in as soon as the next few years.

Here is a look at the latest tech:

“The X-47B Unmanned Combat Air System (UCAS) demonstrator completed its first carrier-based arrested landing on board USS George H.W. Bush (CVN 77) off the coast of Virginia July 10.”

And meet Atlas, one of the most advanced humanoid robots ever built, created by Boston Dynamics:

Amazing!

Stick some armor plate on that guy and give him a couple Squad Automatic Weapons or some AA-12 automatic shotguns and he would look pretty ferocious!

Small Disposable Devices that Own Wi-Fi Networks with Help from DARPA

If you haven’t seen Brendan O’Connor’s security conference presentations on “Reticle and F-BOMB” you should really take the time out and check them out. It is a fascinating project on using low cost computer boards to create a disposal, bot-net like, distributable Wi-Fi spying system. 

Once deployed, the sub $50 devices can crack and use the target’s wireless network to communicate back to the attacker using encrypted channels. As explained the F-BOMB, or “Falling or Ballistically-launched Object that Makes Backdoors“, can be deployed by being thrown into the target’s complex, hidden inside other objects, or even delivered via quad rotor drone.

But what would an F-BOMB be without brains? And this is where Reticle comes in.

Reticle is the software brain behind the cheap hardware brawn. Basically it is “Leaderless Command and Control” software that combines several open source products that in essence create an intelligent, fault tolerant and fully encrypted remote spying platform.

And get this, the software part of the project was created with funding from DARPA, the government’s advanced DoD research organization. Reticle was created under DARPA’s Cyber Fast Track program. A program that helps get idea’s to functional tech with greatly reduced paperwork and overhead.

Here is Brendan’s Bsides Las Vegas 2012 provided on YouTube by Adrian Crenshaw (aka IronGeek):

(NSFW intro comment)


Later this month at Black Hat USA 2013 Brendan will talk about his latest creation of this technology called CreepyDOL.

According to the presentation overview:

“CreepyDOL is a distributed sensing and data mining system combining very-low-cost sensors, open-source software, and a focus on user experience to provide personnel identification, tracking, and analysis without sending any data to the targets. In other words, it takes you from hand-crafted, artisan skeeviness to big-box commodity creepiness, and enables government-level total awareness for about $500 of off-the-shelf hardware.”

Sounds cool, in a really creepy way!

So, check out Brendan’s Bsides video from last year, and if you are at Black Hat this month, be sure to stop in and check out his presentation!