Police-deployed drone projects are no strangers to DRONELIFE readers nor to this reporter (see some examples here, here and here). What you may not know is thata security researcher has found some potential security risk in some models used by police.
According to WIRED, research “hacker” Nils Rodday planned to demonstrate security flaws in an unrevealed drone model (Rodday will only say it costs between $30,000 and $35,000)during the RSA Security Conference in San Francisco. The IBM expert says that the breach he discovered (while still a grad student at the University of Twente in the Netherlands) would allow a hacker to control a quadcopter by capturing its radio connection using a laptop and USB-connected “radio chip.”
WIRED senior reporter Andy Greenberg writes:
“By exploiting a lack of encryption between the drone and its controller module known as a ‘telemetry box,’ any hacker who’s able to reverse engineer the drone’s flight software can impersonate that controller to send navigation commands, meanwhile blocking all commands from the drone’s legitimate operator.”
“You can inject packets and alter waypoints, change data on the flight computer, set a different coming home position,” Rodday said in the article. “Everything the original operator can do, you can do as well.”
In order to test the loaner UAV, Rodday had to sign a non-disclosure to not reveal the manufacturer – although he did say the drone had a 40-minute flight time and was popular with public-safety agencies.
The security breach is especially vulnerable in the connection between the UAV and its control module – a breach caused by the Xbee chip.
“Those chips, often used in mesh networking, do have built-in encryption capabilities. But in order to avoid latency between the user’s commands and the drone, the quadcopter doesn’t implement that encryption function, leaving the drone open to a man-in-the-middle attack in which another malicious machine could join the same network,” Greenberg stated.
Drone hacking is certainly not a new problem for UAV manufacturers and users. Last year, Forbes writer Thomas Brewster pointed out a security threat in GPS tech that would “allow a nearby hacker to spoof signals, change coordinates and commandeer [a drone] and take it wherever they wanted, whether that’s the White House or Dulles airport.”
Brewster also reported that Chinese researchers have already shown how a hacker can use open source GNU Radio software to usurp the GPS coordinates on a DJI Phantom 3.
In 2014, DRONELIFE also reported that “Samy Kamkar’s Skyjack software, which made a ruckus when it hit the internet last December. Skyjack is a simple software program specifically designed to gain control of a drone while in flight. The software scans for wireless signals associated with active drones within the vicinity and allow the user to hack into, and gain complete control of the drone.”
Jason is a longstanding contributor to DroneLife with an avid interest in all things tech. He focuses on anti-drone technologies and the public safety sector; police, fire, and search and rescue.
Beginning his career as a journalist in 1996, Jason has since written and edited thousands of engaging news articles, blog posts, press releases and online content.
Email Jason
TWITTER:@JasonPReagan
Subscribe to DroneLife here.