This reminds me of a time in high school where I participated in a physics olympics competition. One of the events was to construct a bridge out of provided materials capable of supporting the most weight. The score you received was calculated as:
(sum of weights supported) / (time taken to place weights)
The winning team placed a really small amount of weight in what the judges measured as 0.1 seconds of time. They cleverly gamed the rules to take advantage that a small time would act as a multiplier. Our team came in second for that event even though our bridge supported many times the weight theirs did, even if you took as long as you wanted to place the weights. It was a bit of an abuse of the rules and I felt it went against the spirit of the competition which was to engineer a solid bridge.
In this situation, by crippling potentially better drones the virus copter may have ended up technically winning but the measure by which it won may be different than what was intended. That said, it will definitely bring to the forefront a better approach to security which will have long-term benefits.
I'm not sure your analogy applies in this case. The team that won the DroneGames HAD the BEST strategy: crippling the other drones!
This reminds of a story I heard a long time ago about a fighter in the middle of some nasty civil war who complained to a TV reporter: "no one here respects the Law of The Jungle anymore!"
http://dronegames.co/ doesn't state what the judging criteria is. If it's "survive to the end" then why not heavily shield your drone, bolt it to a fixed stand, affix a heavy EMP generator, and fry all the other electronics in the room? Your drone won't be able to do anything useful as it's bolted down but its shielding will at least allow the electronics to blink some lights and technically you could win on that fact alone.
Presumably such a tactic would violate the spirit, which I take to be demonstrating cool and unique capabilities without having to deal with hostile threats. However, I haven't been following, so perhaps drone to drone interference is actively encouraged and expected.
The scoring calculation just needs to be tweaked a little. Presumably the goal is to prevent teams from building a fragile bridge that needs exceedingly delicate placement of weights. So perhaps something like:
(sum of weights supported) / exp(time taken to place weights)
Then, select units or add a constant such that you ensure contestants have a minute or two where the ramp-up of time penalty remains modest.
I'll bet the other team members have gone on to highly lucrative careers in consulting.
The "spirit of the competition" is much like the "customer's objectives" - a concept to be completely ignored while scrutinizing the rules/specs to work out how to collect the prize/fee whilst doing the minimum amount of work.
I was there and as far as I know the drone didn't infect anything. In the end, I think he had to run amok.js manually on his own drone (substack, correct me if I'm wrong).
This contest was a lot like the first DARPA Grand Challenge--There was a lot of crashing, and if anyone made it out of the gate/left the ground there was a lot of applause. I expect the next Drone Games will be like the subsequent Grand Challenge where the execution finally matched the ambition.
I did a similar thing in high school. The formula was different: weight * length. Thus you could build a long bridge (limited by amount of materials) and place very little weight. We did not win.
A clever strategy that few thought of; it deserved to win.
On the downside, this is surely going to give me nightmares about government drones getting infected with a terrorist virus and unleashing drone-botnet-mageddon on the masses.
How quaint, a terrorist virus? No, it'll probably just be normal government drones with normal government software that unleashes drone-ageddon on the masses.
Whether it's a robot uprising, or a bug/oversight in the software, or Big Brother, is up to your own personal taste in dystopian horrors.
Although this wasn't a proper war game, it tangentially reminds me of Colonel Van Riper's pesky 'enemies' defeating the hometeam via peskiness and outsmarting the technological advantage of the home team. In one scenario, the Van Riper's team 'sunk' a flotilla but the warroomers 'refloated' them, just because.[1]
"For instance—and here is where he displayed prescience—Van Riper used motorcycle messengers to transmit orders to Red troops, thereby eluding Blue's super-sophisticated eavesdropping technology. He maneuvered Red forces constantly. At one point in the game, when Blue's fleet entered the Persian Gulf, he sank some of the ships with suicide-bombers in speed boats. (At that point, the managers stopped the game, "refloated" the Blue fleet, and resumed play.)"
even in the game with Van Riper, you could assume that your intelligence agencies did the right thing at preventing his unorthodox tactics and that's why some of his actions were never carried out. after all, if your army is (obviously) better equipped for fighting a conventional war, as opposed to the enemy, then is the job of your intelligence services to push the war towards a more traditional style war that you can win, so if the controllers assumed such a scenario their actions in such a game could be somewhat justifiable (again, assuming the red didn't have the resources of an intelligence agency backed by a wealthy nation).
now if you were to treat the AR drones competition as some sort of war game, you would have to assume such hacking capabilities on both sides, probably balancing out or interacting in interesting ways...
The enemy engages in sabotage and guerilla warfare because they know they have no chance at winning a conventional war --but the wargamers dismissed the weaknesses in some of their assumptions (such that technological superiority equates to prevalence on all fronts of the battlefield.
Van Riper showed them they had weaknesses but they preferred to sidestep them --this thought process probably explains our initial susceptibility to IEDs and other unorthodox tactics by our foes.
Since it seems the biggest users of viruses, and presumably the most talented virus writers, are those doing ddos attacks against other websites…
Who wants to guess at when the first p0wned Reaper or Predator takes out a datacenter housing servers for someone who's annoyed Anonymous, or perhaps a competing poker/porn/pills site?
(That'll make a change from the usual "Cascading failures in us-1-east" post-mortem blog posts…)
What's interesting is the "virus" could be combined with the second-place winner ("multidrone") to make a drone botnet instead of just having the infected drones "run amok".
Actually, there's some practical application for that. In an emergency situation where communication is down, a network of drones could be setup to provide a network for first-responders and aid-workers to coordinate their efforts. It could even tie-in to base stations that would have the long-range power to connect different meshes. (note: I know nothing about these drones, but looking at what's been done already, it's seems feasible).
That kind of drone network could be useful for transmitting video, or other important data that isn't that good to send by voice. Not to mention remotely controling the other drones, that would do things like searching for people in the rubble.
That said, you don't need digital transmission for a video signal [http://en.wikipedia.org/wiki/Slow-scan_television] or for remotely controlling things. A more sophisticated network like that provided by TCP/IP is always a nice thing to have, but you pay the price in terms of lost range when you start trying to use WiFi for everything. My little handheld radio can reach up to 5 miles; my WiFi station might go 500 feet. Which link would you rather have in a disaster?
It's true, robots can enhance the capabilities of rescue operations, but the comment I replied to was specifically talking about using drones to establish lines of communication. My point is that we already have that, and it doesn't require a hundred drones in the air.
Well, it's a pretty far-fetched idea anyways, but, a few things to consider:
- I never said you have to use wifi. You're right that radio would have a much greater range.
- The main advantage I can think of for a system like this would be speed of deployment. In an area with poor line of sight, they could be used to bridge the gap until a proper base-station can be positioned.
- They're more versatile. For example, they could be used as a mobile PA system.
- Of course, it's all hypothetical. Nevertheless, it'd be fun to implement and more useful than the Pirate Bay's idea of a flying datacenter.
What I liked about this the most is that the winning team thought outside the box. While most people focused on "how do we make this drone fly better?" these guys focused on "how do we sabotage the other drones?"
Not awfully surprising. It's a toy, not a Predator. Security likely was not a major design concern, and I don't really blame them. Probably even intentional to a degree, to make (owner-sourced) hacking easier.
You know the Predators were (and possibly still are) transmitting all their video without any encryption?[1] And they've also suffered virus infection on their ground-station computers?[2]
I don't know whats running on the actual drones, but it wouldn't surprise me at all to find there's well known exploits against something like QNX or VxWorks (or, and I shudder at this thought, Windows CE) that the drones are vulnerable to whilst in-flight…
Not complaining, just slightly surprised. I thought you'd have to go to an extra effort to remove the username+password prompt from the standard telnetds :)
Looks like you read that correctly. Probably shouldn't be too surprising since they are toy helicopters, though you would probably want to close that if you try to run a taco delivery company with them.
This sounds weird to me. How do they infect a system that they never saw before? Did the wrote the virus on the fly? Or those drones have a common library with a bug or something.
The drones are identical for this competition; and are running an unprotected telnet server on the same wireless network. Just look at the code:
https://github.com/substack/virus-copter
This only proves that the organizers had no technical background whatsoever.
These are the retail standard AR Drones with their own Wifi APs and telnetd enabled. It's not the organizers job to secure them. Would you expect the Defcon organizers to do the same for the attendees?
I know it's science-fiction, but the 2010 book <a href="http://en.wikipedia.org/wiki/The_Quantum_Thief>The Quantum Thief</a> makes use of weapons like these: basically firing a missile to get physical access to your adversary's computer systems with some sort of payload, and that payload of which will scan and disrupt the opponent's system.
Physical attack on enemy corporation was just a diversion.
The real attack was on corporation network. Main computer gone nuts and started selling and buying in most ineffective way. Corporation was destroyed after several minutes.
OMG!!! What if terrorists did the same thing to turn drones against us?? We need more drones to fly above the current generation of drones and monitor them NOW!
In this situation, by crippling potentially better drones the virus copter may have ended up technically winning but the measure by which it won may be different than what was intended. That said, it will definitely bring to the forefront a better approach to security which will have long-term benefits.