Security Expert Showed Way of ‘Weaponizing the BBC Micro Bit’ at DEF CON 2017 to take over drones.
The Micro Bit (also referred to as BBC Micro Bit or Micro:bit) is an ARM-based embedded system designed by the BBC for use in computer education in the UK. The very hyped Micro:bit computer board from BBC is not as safe as we expected it to be.
According to Econocom Digital Security’s senior security researcher Damien Cauquil, the board that is worth $15 in the US and £12 in the UK has such weak wireless operations that it could be exploited easily. Furthermore, the board’s programmable feature has made it the perfect tool for hackers to fulfill their malicious objectives. Since it is a tiny device, it becomes even easier for hackers to hide it while performing the attack.
Cauquil presented his findings at the DEF CON hacking conference held in Las Vegas on Friday. As per his research, it was quite easy to configure a mini microcomputer to record keystrokes from a wireless keyboard. It could even control quadcopter drone using skillful programming. The device is powered by a 16MHz 32-bit ARM Cortex-M0 CPU with 16KB of RAM and also features Bluetooth connectivity. Using simple Python coding, the Micro:bit becomes the perfect wireless sniffer.
The Register reports that using a publicly available program, Cauquil showed how it was possible for a hacker to program the Micro:bit for locating signals from a wireless keyboard through Bluetooth connectivity and later hide it at any feasible location to remain undetected. This way, the hacker could grab sensitive information like account passwords or login details as soon as the user types them. Although the Micro:bit has small storage space but it is sufficient for storing data that could be useful for hackers.
When Cauquil attached the Micro:bit to a drone controller handset, he was able to interfere with the control mechanism of an already airborne quadcopter and ultimately the flight controls of the drone were hijacked.
Cauquil believes that the Micro:bit’s system in this regard was imperfect and its latency issues may cause losing the connection with the drone. Yet, it was quick enough to control the controller signal from the owner. Also, drones already are quite dangerous when their owners are controlling these so we can only assume what these could be capable of when a hacker gains control of them.
Apparently, this tiny device that was supposed to be used by kids in different kinds of projects is capable of performing bigger tasks if used by a hacker.