Stealing Drones, Hackers Keepers Options

[Tarantula]

Dire, talking about SR4 riggers then... heres a quote from SR4 for you. SR4, 239, Section Jumping Into Drones, "A drone controlled in this manner acts on the rigger’s Initiative—the rigger and the drone are treated as a single unit. Any tests are made using the rigger’s own skill and attributes."

The rigger and drone are a single unit. The rigger is for all intents and purposes, the drone. Unless you know how to spoof the riggers brain to do what you want, you can't spoof the drone.

[DireRadiant]

Acts and treated... This doesn't convince me that the Drone and Rigger aren't two things separated physically and using wireless to communicate. It's not a Bug Spirit Merge. And as long as there is this channel, a spoof attempt should work. Note, I mean attempt. A jumped in Rigger is almost certainly going to immediately detect a spoof, but that doesn't mean the drone can tell the difference between the jumped in riggers signal, and the incoming spoofed signal.

The bit about using the riggers attributes for test doesn't preclude the attacking Hacker/Rigger from spoofing.

[Tarantula]

Let me put it differently then. If the hacker spoofs a command that the drone will follow on its next action (which is the riggers), then on the riggers action, he is sending it what he wants it to do (whether thats not moving, looking around, or shooting/flying around) then that would automatically supercede the spoofed command, making it ineffective all the time.

[DireRadiant]

[Tarantula]

Not reissue. Spoofing rigger issues spoof. Controlling rigger does his action, overriding spoof. Repeat ad infinitum.

[DireRadiant]

Jumped in Drones act on the Riggers Initiative. Drones on their own have 3 IP. There's room for Spoofed Commands to occur before a Rigger acts if the Rigger is using cold sim.

[Tarantula]

Drones aren't on their own if a rigger is jumped in. Thus a drone with a cold sim rigger jumped in only gets 2IPs.

[Riley37]

A jumped-in rigger FEELS like the drone is their body, and gets that level of control, because they're sending and receiving at the same bandwidth as a metahuman nervous system, but at a gross physical level, the drone is a gadget that's following the directions it gets by radio... that is, the directions which it recognizes as coming from its owner.

Hot-sim hackers can get more IPs than an unboosted cold-sim original owner. The original owner is sending and recieving a continuous stream of sensory and command data; the hacker sends just the same intensity of signal, but *with faster response*, and if the drone can't tell the difference between the signals from the original owner and the hacker, then it's likely to get a "change my password" type command from the hacker and act on it before the original owner can react. Pwned.

Alternatively, hit the drone with a jammer that drowns out the original owner's signals, and send your own commands with a transmitter stronger than the jammer. Eg orginal owner is using a Signal 3 commlink, you use a jammer that reaches the drone with Signal 4 (after attenuation over range), and you send a command to the drone with a Signal 5 commlink, duplicating (spoofing) the access ID and persona of the original user. What happens next? It can hear you, you sound like its owner, it can't hear anyone saying otherwise. Unless it's sophisticated enough to double-check the authenticity of your spoofed commands (I'd give the drone a re-test of [Pilot plus Firewall vs Hacking plus Spoof] because there was a suspicious moment of lost connection), it now obeys the one it "hears". Pwned.

A countermeasure not supported in RAW, but perhaps by common sense: generate a large set of authentication codes, keep one copy in your commlink and another in the drone (like a one-time pad), and program your drone to turn off its transceiver and return to base if it ever goes a minute without getting the next code in the sequence, *even if you're giving it instructions*. (This assumes that one can write commands with different priorities, or program one routine that can halt another routine.) So, hacker spoofs your signal; drone hears hacker's command to change access codes, and thinks that command is coming from you, and complies; hacker now has exclusive access/control; one minute later, since the hacker's commlink doesn't have and isn't sending the pre-generated sequence of authentication codes, the drone suddenly shuts off its antenna and flies "home". Rude, unexplained surprise for hacker who suddenly loses connection with the drone, possibly experiencing dumpshock. (Heck, add a Data Bomb parting shot - if the hacker is a technomancer then maybe they'll get a headache.)

[Riley37]

Yet another countermeasure, for drones such as Doberman and Steel Lynx: mount a spool of datacable (with small motor to pay out or rewind) on the drone, connect that to your control device eg commlink, and either disable the RF transciever on the drone, or redirect wireless signals to a duplicate "Q-ship" dogbrain that will record and backtrack any wireless hacking, but does not actually control the drone. Unwieldy, and worth it only if you expect a drone hacking attempt.

Very crude method: use a wireless control device that broadcasts at Signal 6, and program (or hardwire) the drone to ignore transmissions from any lesser Signal. Unfortunately, that means your own signal is gonna be "loud" and easy to pick up by Scan, but if you're running perimeter security for a large facility, that's not so bad, and any hacker with a stock Fairlight Caliban or lesser commlink won't even be able to get the drone's attention.

Mixing magic and technology: hey, if you're a hermetic mage, you already have high Logic, you might as well take a rank or two in tech skills, or just buy the EW autosoft for your drone or Agent; and if you put a tame spirit into a drone, how would that affect hacking or counterhacking?

[Tarantula]

Riley37, there is an issue with your assumption. You must have already subscribed the drone to jump into it. I think this extends to sending jumped in commands. Thusly, until you take control of the drone and subscribe it, you can't jump into it or send jumped in commands.

[Riley37]

Cogent point, Tarantula.
Step 1: spot the drone, scan/sniff for its transmissions
Step 2: Scan to figure out which of the many wireless transmissions in the drone's area is the stream of signals from the drone owner, in synchrony with the stream of signals from the drone to its owner (and likely on the same frequency, although high Firewall probably includes frequency hopping).

Can you then analyse that stream to figure out what the owner's virtual persona "looks like", what part of that signal is the ongoing authentication "handshake" with the drone?
If so, and you're trying to duplicate and override that signal, then perhaps the hacker's hot-sim VR image uses the metaphor that the owner is whispering commands into the drone's ear, and the hacker is whispering into the other ear; or trying to wiggle a key into a keyhole, while pushing out the key coming in from the other side of the door; or some such. If the owner is an unboosted normal at 1 IP, and the hacker is running hot-sim with 3 IP, then I still think there's good odds of confusing the drone about which signals are coming from its owner and which from the hacker.

If not... then there shouldn't be much the hacker can do, unless the drone's software configuration and subscriber list allow a second persona to subscribe alongside the subscription by the jumped-in owner (maybe so that the owner's teammates can access the camera feed from the drone for coordinating tactics?). In that case, you gotta hack in at "user" level, and the jumped-in owner has "admin" level access, and it's gonna be an uphill fight. If the drone's software settings (like the Preferences menu in 1990s OS) say "while the owner is jumped in, accept no other subscriptions", then it might be impossible.

I see security for single-owner, single-user devices as capable of much higher levels that devices designed to be shared by co-workers or teammates. A university computer with thousands of user IDs is more likely to have an exploitable access point, than my home computer which is set up to be used only by me. That's not explicit in BBB, but it's perhaps applicable. I also assume that there are 2070s equivalent of options such as "accept any cookie", "accept cookies only from known and trusted sources", "accept no cookies", etc., and those user choices should affect hacking. Rentacops may have left the drone's access password as the factory-installed setting of "PASSWORD"; Renraku Red Samurai will have a password which mixes letters and numbers at the very least.

[Tarantula]

To be jumped in the rigger must be VR. Which means at minimum cold sim 2 passes. And up to 4 passes hot sim w/ simsense booster.

I see it as, if you want to hack the rigged drone, either hack the riggers comm and jack him out, jam him out, or kill him.

[Riley37]

[Tarantula]

1) Direct-laser beam in shadowrun requires both parties to be unmoving, and doesn't have the bandwidth for VR. This is evident with eye laser systems for communication.

2) By a cable would be unhackable. Unless you either splice into the cable, plug the riggers cable into your comm, or plug your own cable into the drone.

3) More likely, the security team manager would be watching monitors while the rigger is jacked in next to him. If he wants to dump the rigger, he'll pull the riggers trodes/datajack off. Having a drone-side built in "dump the rigger out" command is just a liability waiting to happen.

[eidolon]

[Tarantula]

Cutting the cable dumps the rigger, the drone still has its pilot rating to go by. Not to mention most riggers leave standing orders return to me if don't receive X before signal lost.

[eidolon]

I'm torn between wondering if you just missed the fact that that was a joke, or if you are just being pedantic for fun.

[Buster]

[Fortune]

[Tarantula]

[Alphastream]

I haven't seen anyone mention the FAQ:

[Tarantula]

Theres a difference between a rigger controlling a drone via the command device action, and a rigger jumping into and becoming the drone.

[cndblank]

Given that a Drone is an an expensive piece of equipment and the company is going to be libel for any activity of the drone off company property, I could think of a lot of very common corporate practices to prevent theft/hijacking.

You could use a second processor hardwired in that could over ride the main one via the wireless connection.

First hardwired in to the drone is if drone is ordered to leave corporate property or even their predetermined patrol area unless a stage 3 alert is in place (determined via GPS), kill the wireless connection and Lock all weapons down.

Hover in Place and flush any orders given via wireless..

Reboot system/dog brain. Broadcast alert of Status (broadcast only). Return to base (drone Rack), shutdown until proper ID is given via direct feed (no wireless).

Or it could kill the wireless connection and engage non lethal weapons only. The fly to it's alert station and engage all targets the enter it's predetermined patrol area. Engage violent (as in armed) non-uniformed targets first.

Also who wouldn't Lojack their drones?

So survelliance drones are likely not too hard since they depend on not being seen.

Run of the mill security drones... harder with safeguards built in.

Combat Drones... nearly impossible. I could see any major combat drone being set up to only allow the weapons to unlocked if the rigger is jumped in. Use the Hot VR connection as the final security measure. If the simsense feed back doesn't match up with previous riggers approved for the drone then the weapons stay locked.

Still if the Corp was using drones for a black Op then the drones would need to be nearly off the shelf and wiped clean. Any security measures built in would have to do so without leaving a data trail right back to the Corp. So you couldn't have the drone phone home if hijacked. Even the style of the security measures could be a lead. Of course if the drone was expendable and rigged to explode at the end of the Op...

I won't go in to the level of paranoia that a military drone would have as far as internal security.

I do know that

1) The Military is not going to let their drones be used against them. The consequences of having drones that your own troops didn't trust not to target them makes doing without look far better.

2) The Military is also not going to let their high grade security encryption hardware and software fly off to be taken a part and sold to the highest bidder. The stuff is likely ready to blow if you look at it funny. Having their own drones turned against them would only be the first of their problems it that happened.

I could easily see them disabling all wireless connections during combat operations. Instead they would use direct laser communications (which require line of sight but not fixed positions) between the forward attack drones and several com drones with the final drone having a laser link to a ground comm unit that would be located far away from the military riggers via a fiber optic link. All of the riggers would also be directly jacked in. All the drones would have a series of protocols to follow to reestablish a laser link. They might even have mission objectives to fall back on if communications is lost. If all else fails then the drone would return to a remote pick up site and land.


Just remember that Mil Grade stuff is suppose to be so scary, expensive, and dangerous that the corporations don't use it except in the highest of security areas or the blackest of ops.

8)

[Cheops]

[Riley37]

Jumped-in control involves wireless communication of a much higher bandwidth, in my interpretation, and gives the user a much faster response cycle. Running a drone by command chair is kinda like playing an FPS game; you move your point of aim on a screem whether it's the display of a commlink or an AR "window". Interference might seem like "that's odd, my controls are being sluggish".
A jumped-in rigger might feel hacking attempts as more like losing control over their own body, and if experienced, might recognize the sensations in a fraction of a second and be immediately able to respond appropriately. A jumped-in rigger using hot-sim will respond with the speed and intensity of an agitated ferret... and perhaps with skill, too.

Per cndblank on antitheft countermeasures: yup, those apply to drones that are on perimeter duty. what about individually owned drones, eg those used by shadowrunners, private detectives, etc.?