by Sijal Aziz
By four, Kate was back in the office. She designed her three-week penetration plan and started working on it right away.
CHAPTER 4
Week 1- Hardware and Firmware
Since the program was designed to be run from secure facilities in the United States, the chances of anybody walking into a facility and taking control of an actual ground control system were slim. On the other hand, since every drone was out there, people could actually hack them and gain access to the main program since the drone was communicating to it. A link meant a path which could be exploited by a hacker.
She started reading through the firmware and she ran and re-ran the firmware program until she knew exactly how it worked and how many layers and algorithms were working within the program. She read up on the hardware and chipsets of the drones as well as the ground control system. Then she finally started compiling her attack plan for the firmware and hardware. She tried over and over again but no matter how hard she tried she could not find any hole or window in the program that would let her in.
Vulnerabilities in software were like small windows or holes that could let a culprit into the software and allow them to do literally anything they wanted.
Kate couldn’t get in. She decided to change her strategy. Instead of trying to break into the firmware she started checking its hardware components to see if she could find any vulnerability there.
Hardware vulnerabilities were more dangerous than software vulnerabilities since they provided undetectable access to anyone exploiting this vulnerability with minimum effort.
If there are design flaws in hardware, the hacker does not need to compile malicious code and then worry about finding a way to inject it into the software.
They could simply walk into a system through the hardware design flaws and do as they please.
Just like “ZombieLoad”. Everyone thought that Intel chips were safe until they came across “ZombieLoad”.
It is a vulnerability that provides hackers with access to users’ passwords, logins, online accounts and data access.
Different apps on a computer work standalone and do not have access to each other’s data. The only place where the data comes together is the processor but even in the processor there are boundaries.
The design flaw in the Intel chips allowed the data to bleed through those boundaries when the processor was overwhelmed with data it could not process.
This gave hackers an opportunity to get access to all that data without writing and injecting malicious code. Design flaws don’t become apparent right away, and it takes months, even years, for them to float to the surface.
The manual stated that before the actual hardware components were put in, they were tested, and engineers ran tests on them using a test bench.
A test bench is a high-level simulation environment that allows engineers to check the working and vulnerabilities of hardware components before they are physically installed.
Kate turned on the ground control system and started going through the test bench program. The test bench program was written in SystemVerilog. Kate had excellent command of SystemVerilog. SystemVerilog was a Hardware Description Language or HDL for short. It took five days for Kate to go through all the HDL components.
She could not find any vulnerability in the hardware components.
The more Kate worked on the program, the more she realized that she was finally working against something that was impenetrable.
The program was ingeniously designed and was very complicated, but the user interface was very simple. Even an eight-year-old could run the program and use drones, and even a seasoned hacker would not be able to break through it. With week one of testing done, Kate ticked all the components in hardware and firmware as safe.
Week II- Middleware and Software
Middleware is an important part of any drone application. Middleware is a two-way communication between the drone and the ground control system.
Data like drone battery percentage, live camera feed, drone position and weapons health were communicated to the ground control system by the drones and orders like pursue, swap weapons, lock on target, fire and go home were communicated to the drone by the middleware from the ground control system.
The data and control messages going to and from the drone and ground control system are called telemetry data.
It was absolutely imperative that the telemetry data between the drone and ground control system was hack proof. Otherwise anyone could take over the drone.
Kent and Cooper had developed a double encrypted middleware communication system that was not only unreadable by the hackers but also did not allow them to break through the communication and take over the drone.
It was nothing like Kate had ever seen before. Then Kate moved over to the port link. The telemetry data exchange between the drone and ground control system is carried out through an open port. If the drone was to remain safe and secure, it had to be listening to only one port. Kate checked the port access and open port information and the drones were only listening to port W80.
She tried to check if it was possible to send a burst of data to the drone and confuse it, but it wasn’t because the drone was strictly listening to only one port. And it did not read any program other than what was sent to it by the ground control station.
Kate checked the middleware as safe in the checklist and moved to the next stage of her testing.
Since the drones worked on several programs on simultaneous levels, each integrated section of the software needed to be assessed for vulnerability.
For example, the drone used actual maps to make their way around paths but in case some new building, tree or impediment was in the path then it meant the drone could crash in it. Therefore, the safety of the people and the drone would be jeopardized.
In order to overcome this, Kent and Cooper had built an algorithm-based Convolutional Neural Network or CNN program for the drone. CNN is just like a human brain. It learns with every passing second.
Just like humans do not crash into objects voluntarily, the CNN program made sure that the drones learnt about the surrounding objects and made a decision whether to go around, above or below them or stop and hover. They learnt with every new scenario of what to do in a certain situation.
So, the drones in the program had Artificial Intelligence or AI capability and were accident proof. Kate checked the CNN and the algorithms for vulnerabilities; there were none.
Kate checked the complex algorithms in the next days and could not find any flaws or vulnerability in them. So, she checked them as safe.
Week III- Drones
On the 15th day of testing, Kate was finally able to check the drones in flight. She was excited, she turned on the ground control system and the computer attached to it to see which programs were running during different phases of drone flight.
When she turned on the ground control system, she could see the eight drones in Dome C. She took them off with the simple push of the autopilot key on the keyboard in front of the ground control system.
Once the drones were in the air, they started flying on their predefined paths giving her an excellent First Person View or FPV of the objects in the path.
The ground control system’s screen was divided in eight sections each showing the FPV of individual drone.
The partitions were numbered from one to eight. The aviator flight sticks on the keyboard were also numbered one to eight. Kate took hold of one flight stick and started controlling drone number 2 manually.
She flew the drone around for a couple of minutes to get the hang of it and then when she was confident that she could fly it properly, she started with the collision test. There were several props in Dome C.
Kate started flying the drone at optimum speed towards the prop of a human. The drone accelerated towards the prop at full speed. Kate wanted to crash the drone into the prop. Once the drone reached within 10 feet of the prop it slowed down and then went around the prop.
Kate had not maneuvered the drone to go around the prop, it had done so based on its CNN. Even during manual control mode, the drones wouldn’t crash into anything. Kate tried to then crash the drone on the ground, in the ceiling, in a tree and every time the drone went around the object or started hovering in the air.
That meant that the proximity sensors and its relevant programs were working fine.
Kate checked off the proximity sensors for glitches as safe.
Kate felt a bit tired and when she checked the time on the computer it was midnight. She turned the computers off and headed out of the office.
Kate wondered whether the security guards would still be around. As she made her way to the main hall, she saw that they were very much there, and the guards were different from the ones she usually saw.
She put her purse through the x-ray scanner, went through the metal detector, picked up her purse on the other side and walked over to the reception window to get her mobile, but it was closed.
Disappointed Kate went to the elevator and made her way to her parked car. She saw that there was one more car parked in the parking lot, a Bugatti Voiture Noire. She knew it belonged to Alexander Cooper. So, she was not the only one working at the office this late.
Kate drove home and went to sleep the moment she reached her apartment.
Kate woke up fresh the next morning. She followed her daily morning routine and reached the office by 8. Once in her office she started vulnerability testing of the topography software for the program.
The final step of the drone vulnerability testing was checking the flight station control. The flight station controls were specifically designed and produced to be used for the drones in the policing project. Kent and Cooper had also designed the flight control system and was awarded the contract to manufacture them as well.
Kate took a deep breath and went to work. She turned on the ground control system and the laptop next to it which showed the process charts.
Process charts show a viewer how many programs and processes are running during the execution of a program. Some processes are running throughout the program while others run and end as per the program requirement at various stages. By now Kate was pretty much familiar with all the little programs that integrated together to make the main program possible.
She started noting down which processes were open during the execution of different steps in the program like take off, surveillance, landing, weapon deployment etc.
All the processes looked normal, but she could see one program that opened and closed at the start of each process. She noted the name of the file and searched through the software to look into the file. She could not find any such file. Yet it was there. The name of the file was main1.exe.
What Kate couldn’t understand was why this file was called again and again at every step of the program but then disappeared within seconds from the process chart. If it was part of the main program, it should be accessible on the computer like the main.exe, which was the main program that ran the drones.
On a hunch she started searching the other files by name and she could not only see them but also open them and read through them.
Kate started getting excited. Maybe she could access this file and penetrate into the system.
But how would she find a file that she could not find anywhere? Kate went back to the other computer and started writing software for gaining access to the hidden file. Suddenly the door to her room opened and startled Kate.
She turned around and Alexander Cooper was standing in the door.
“You are working late?”
Kate looked at the time and it was 10, “I didn’t know it was so late. I was almost about to call it a day but then thought of one more angle.”
“Well, you can stay here as long as you want but just to let you know there is no one else at the office besides you and me and I am heading home.”
Kate looked at Alexander Cooper. The mere presence of the man was awe inspiring. He was in his late forties with an aristocratic look about him.
He was six feet tall with a muscular body. He had a strong chin, dark hair and dark eyebrows with deep blue piercing eyes that seemed to know everything.
Everything about him exuded an aura of superior intelligence.
Besides the physical attractiveness, the sound of his voice was deep and manly. When he talked people listened.
There was something about him that made people trust him.
If he had been a priest people would have followed him blindly.
He was also a coding genius and was responsible for single-handedly turning a garage startup into a multi-billion dollar corporation. He was always working. He was the first one at the office and the last one to leave. If he wasn’t in the office, he was seen at high level government dinners. He was on the board of directors of different charities and donated money by the millions to charities around the world and awarded scholarships to students.
There was this sheer energy about him that could be felt across the room. Women were drawn to him because of his looks and more importantly because of his money.
People who knew him were in awe of him. Initially when he had set up the company he was involved in each and every aspect of his business but now he only involved himself in bigger projects. He was more focused on winning projects and letting the company carry them out. The drone project was a big project and he was involved in every step of the project and even its coding.
“I will be heading home too, Mr. Cooper.” Kate turned off the computers, picked up her purse and made her way to the door.
Alexander Cooper started walking with her, “How has it been going so far? Have you been able to find any vulnerabilities?”
“Not yet, Mr. Cooper, the program is secure from every angle. I have tried to gain access from each and every aspect, but I have been unable to find any entry points.”
“Well, good to know that my people have done a good job. You know we are working on a tight schedule and we need to have this done within a week from now.”
“I am on schedule, Mr. Cooper. My report will be on your desk within 5 days.”
“Good”, Alexander Cooper said and started to leave but then he saw the look on Kate’s face and stopped.
“Is everything alright?”
Kate was looking at the reception desk. There was no one behind the reception window again as it was 10:00PM.
“Yes, it’s just that I keep forgetting the timings of the reception window and my cellphone has been there since yesterday”.
“Do you have a landline at home?”
“Yes, I have. I will get the phone tomorrow”, Kate said hoping that Matt wouldn’t and hadn’t called on her cell.
They both went down the elevator together. Kate was debating with herself whether to tell Alexander Cooper about the program that kept on popping up at the start of every process and then disappeared. But she decided to wait until she had done more research on it.
The elevator door opened, and Alexander Cooper said, “Good night” and left.
Kate also left the office and drove home.
The next morning Kate focused on just the hidden program. She kept probing it till she broke into it. The program was written by an expert. She could see that the program mirrored the telemetry data on the screen to another port by the name of port 56. Port 56 was not mentioned or located anywhere in the main program.
Kate could see the coding of the process and what it was doing but she needed to run the process to see what it showed on the screen.
She tried to run it, but it needed some kind of password to run. Kate started writing a code to break through the password requirement, but the program was written very well and wouldn’t allow her to break through it, so she had to read each and every line of the main1.exe program to see what it did.
If the main1 ran every time a new process was started, it meant it was essential to running of the program. But why was it hidden, if it was the main part of the program? The further Kate read the program the more confident she got of its malicious nature; she found out that it had a key logger feature and a remote control feature built into it that could allow another controller to take control of the drone from the main ground control system.
All the second controller would require was a wifi connection and he was in.
It allowed the user all the features of the main program besides better manual control options.
The main1 user could take the drones on a flight to anywhere. The main1 program also had the proximity controller kill feature meaning it could turn off the proximity sensor if the operator demanded.
With the proximity sensor feature gone, the drones could be crashed anywhere.
As Kate read on, it became more interesting. The main1 also allowed the user to kill communication with the main ground control station so the second operator was fully in charge of the drones.
Kate made a note to discuss main1 with Alexander Cooper and to put it into her report.
A number of companies left backdoors in their software to provide access to the developer to make changes to the software and to get technical data from the program in order to analyze it to make it better, which was understandable.
What Kate could not understand was why the backdoor had the overriding control feature. She tried to justify the program from several angles but there was no logical explanation for such a sub-program within the main program.
She read the program further and made notes of several of its features. After she was certain how the program worked, she placed a call to discuss it with Alexander Cooper.
“Hello”
“Hello, Mr. Cooper, this is Kate. I have something to discuss with you. May I come to your office?”
Alexander Cooper was heading out for a meeting with DARPA. He looked at his watch and said, “I am late for a meeting. Is it something important and needs to be discussed right now or can it wait till tomorrow?”