Paolo Stagno Relatore

Paolo Stagno (aka VoidSec) has worked as a consultant for a wide range of clients across top tier international banks, major tech companies and various Fortune 500 industries. At ZeroDayLab, he was responsible for discovering and exploiting new unknown vulnerabilities in web applications, network infrastructure components, IoT devices, new protocols and technologies. He is now a security researcher and a penetration tester focused on offensive application security. He enjoys understanding the digital world we live in, disassembling, reverse engineering and exploiting complex products and code. In his own research, he discovered various vulnerabilities in software of multiple vendors and tech giant like Cisco, eBay, Facebook, Fastweb, Google, HP, McAfee, Opera, Oracle, Paypal, Western Union, Yahoo and many others. Since the beginning of his career, he has enjoyed sharing his expertise with the security community with his website and blog (https://voidsec.com).
  • A Drone Tale, All your drones are belong to us In 2013 DJI quickly gained the reputation as the most stable platform for use in aerial photography and other fields; since then Drones have increased their field of application and are actively used across various industries (law enforcement and first responder organizations, utility companies, governments and universities) to perform critical operations on daily basis and, as a consequence, Drones security has also become a hot topic in the industry. This talk will introduce some general security issues of the drones, including vulnerabilities existing in the radio signals, Wi-Fi, Chipset, FPV system, GPS, App and SDK. I will first detail the architecture of one of the most famous and popular consumer drone product: the DJI Phantom 3. This model will be used to demonstrate security vulnerabilities of each aspects, the recommendation of fixes and the remediations for these compromises. A special focus will be made on the recent changes and countermeasures DJI has applied to the firmware of its products, in order to harden the security, following the recent accusation and the US Army ban. The topic of hacking by faking the GPS signals has been shared before in Black Hat and DEF CON events in the past, this talk will extend this topic to the drone security perspective, geo-fencing and no fly zones - 14:30/15:15, 26 May 2018