Paolo Stagno Relatore

Paolo Stagno (aka VoidSec) is a Cyber Security Researcher and a Penetration Tester focused on the Offensive Security field. He is specialized in Security Research, Penetration Tests, Vulnerability Assessment, Network and Application Security. He is working as an external consultant for a wide range of clients across top tier international banks, major tech companies Fortune 500 and industries. He is also the Leader and Founder of the VoidSec Project (
  • A Drone Tale, All your drones are belong to us In 2013 DJI quickly gained the reputation as the most stable platform for use in aerial photography and other fields; since then Drones have increased their field of application and are actively used across various industries (law enforcement and first responder organizations, utility companies, governments and universities) to perform critical operations on daily basis and, as a consequence, Drones security has also become a hot topic in the industry. This talk will introduce some general security issues of the drones, including vulnerabilities existing in the radio signals, Wi-Fi, Chipset, FPV system, GPS, App and SDK. I will first detail the architecture of one of the most famous and popular consumer drone product: the DJI Phantom 3. This model will be used to demonstrate security vulnerabilities of each aspects, the recommendation of fixes and the remediations for these compromises. A special focus will be made on the recent changes and countermeasures DJI has applied to the firmware of its products, in order to harden the security, following the recent accusation and the US Army ban. The topic of hacking by faking the GPS signals has been shared before in Black Hat and DEF CON events in the past, this talk will extend this topic to the drone security perspective, geo-fencing and no fly zones - 14:30/15:15, 26 May 2018