UAV Operator Blames Hacking For Malfunction That Injured Triathlete

jaa101 (627731) writes "The owner of a drone which fell and reportedly hit an athlete competing in a triathlon in Western Australia's Mid West has said he believes the device was 'hacked' into." From the article: "Mr Abrams said an initial investigation had indicted that someone nearby "channel hopped" the device, taking control away from the operator. ... Mr Abrams said it was a deliberate act and it would be difficult to determine who was responsible as something as common as a mobile phone could be used to perform a channel hop. The videographer added that there had been a similar incident when the drone was flown earlier in the day."

Evolution

[SuperKendall]

This is why, as a professional athlete, I always make sure I'm fielding my own anti-drone drone to take out drones that get close to me.

Re:Evolution

[davester666]

This is the funny part "The videographer added that there had been a similar incident when the drone was flown earlier in the day."

If he drove a car, and he noticed that the brakes had failed earlier, but instead of getting it repaired, he started a new trip, eventually plowing into a group of people, he would be in jail...

I guess it's different if you are piloting a toy plane over a crowd.

Re:Evolution

[Architect_sasyr]

Reads like bullshit anyway. Something went wrong, he throws up the "it wasn't me it must be those evil hackers" defence rather than accepting the blame for putting his device together poorly or letting it go out of range. There would be no way of knowing for sure if another device took control during the incident (because who would build that in to a home made UAV), so he *may* be telling the truth, but if it happened twice in one day either someone is out there deliberately hashing the channels to mess with everybody, or he just went out of range/did something wrong/etc.

Re:Evolution

[ShanghaiBill]

This article has a much better photo, including the "drone" right after it smacked into the guy's head.

Re:Evolution

but if it happened twice in one day either someone is out there deliberately hashing the channels to mess with everybody, or he just went out of range/did something wrong/etc.

Or someone on the track next door has a track cleaning machine with bad shielding around the motor. They clean the other track whilst everyone is looking at the athletes competing over on the other side.

Re:Evolution

[niftydude]

Reads like bullshit anyway..

\ This is correct. According to the drone operator: "She looks over her shoulder and gets frightened, falling to the ground and bumping her head, but the drone didn't actually strike her"

But according to the triathlete: "I have lacerations on my head from the drone and the ambulance crew took a piece of propeller from my head"

I reckon the drone operator is full of shit and just making up whatever comes to mind. In the same breath he claims that the drone didn't hit her, that she fell on her own, and that anyway the drone was hacked so it isn't his fault. Typical blame everyone but himself personality disorder.

Re:Evolution

[ozmanjusri]

Something went wrong, he throws up the "it wasn't me it must be those evil hackers" defence rather than accepting the blame for putting his device together poorly or letting it go out of range.

The drone looks like a DJI Flamewheel F550, and I'm guessing by his comments he was using the DJI iPad Ground Station (or equivalent) to bluetooth to his iDevice.

That gives any hacker two vectors of opportunity, but also the operator two transmitters to get out of range from, with the Bluetooth connection being the shortest range and most likely culprit. And if it was really a bad guy taking control or disrupting the connection, I suspect the iPad's Bluetooth is again the one any opportunistic villain would be more likely to be familiar with.

Re:Evolution

[NoKaOi]

Mobile phone 'could have been used to channel hop'

Um, so pretty much doesn't that mean the drone was running on WiFi? So it was most likely simply interference, another device was trying to use the same channel has his device. Lesson 1: If you're going to operate a UAV over WiFi, check to make sure nothing else is on the channel. Lesson 2: If you're going to operate a UAV over WiFi, don't fly it where it could crash into somebody because you never know when another device is going to interfere with the channel you're using. Lesson 3: If something in the area interfered with it in the morning, don't fly it over humans without figuring out the interference.

He said a full check was conducted and the device was taken elsewhere for a test flight, but he said no issues were detected.

Which means whatever it was interfering with was in the area you were operating it in when it crashed, not the area where you tested it.

Mr Abrams said an initial investigation had indicted that someone nearby "channel hopped" the device, taking control away from the operator.

So somebody switched on their mobile hotspot and it was on the same channel as your UAV.

The videographer added that there had been a similar incident when the drone was flown earlier in the day.

Wow. Had this not happened I'd say the guy doesn't understand technical stuff (he's a photographer, not an IT guy) and that this was an unfortunate accident, but considering it happened earlier, he didn't consult with a technical person, and he still flew it over humans that's downright negligence and he should be responsible for the competitor's medical expenses, entry fee and any travel expenses. Perhaps even prosecuted for endangerment (either reckless endangerment or public endangerment, I think Australia has those laws similar to most US states).

Re:Evolution

[Arancaytar]

He's basing his claim on the drone footage showing it crash to the ground. That doesn't mean she didn't get hit: Depending on how fast the drone was going, the shrapnel could have been pretty nasty - particularly pieces from the propeller.

Re:Evolution

[niftydude]

He's basing his claim on the drone footage showing it crash to the ground. That doesn't mean she didn't get hit: Depending on how fast the drone was going, the shrapnel could have been pretty nasty - particularly pieces from the propeller.

None of that gives him any evidence or indication to support his claim that his drone was hacked. He's completely plucked that excuse out of thin air to avoid personal responsibility for his actions.

If you had ever been to Geraldton, you would know that it is a small country town on the edge of nowhere, and that the idea that there are some uber-hackers floating around a local triathlon hacking into drones is ridiculous.

Re:Evolution

[geekoid]

But it can never be a man's name.
ZING!

If only it were possible to do challenge/response!

[tlambert]

If only it were possible to do challenge/response! Using a pre-arranged CERT, so that the drone sends a challenge for each command that has to be encrypted with the shared secret before the drone would accept it!

Oh... wait... it's completely possible.

Sounds like a RC plane not a drone

[whois]

If it's subject to interference caused by someone broadcasting on the same channel and it can't compensate for it by switching channels or in some way authenticate it's control traffic, then it's a poorly designed toy and shouldn't be used commercially.

Reading the article:

"Operators of all unmanned drones used in a commercial capacity are required to be certified.
Neither Mr Abrams nor his business appear on the list of the 92 operators certified nationally."

So it sounds like he should be charged with some form of negligence if that is applicable to Australia. In the US the FAA would also probably be fining him.

Re:Sounds like a RC plane not a drone

[ScentCone]

In the US the FAA would also probably be fining him.

Well, that's not entirely clear just this moment. In the now-headed-into-appeals area of Huerta v Pirker, it kinda looks like the FAA doesn't actually have any formal, properly constructed rules in place. Guidance only. Their distinction between recreational and commercial use of the very same RC machines used by the same people in the same place at the very same time is pretty ridiculous - and the administrative law judge handling round one of that case agreed. But the case is still baking.

So, if you dropped your camera drone on someone's head in the US right now, and weren't flying next to an airport or beyond line of site or over 400' ... then the trouble you're in is roughly the same as if you'd hit the same person in the head with a lawn dart or a football. Good ol' fashioned reckless endangerment, having nothing to do with the FAA pe se.

Re:Sounds like a RC plane not a drone

[I'm+New+Around+Here]

" if you'd hit the same person in the head with a lawn dart ..."

We had Jarts when I was a kid. Never had anyone get hit by one. Now they're banned. Sad.

Re:Sounds like a RC plane not a drone

[bloodhawk]

I don't think this should be classified as an accident. It appears he breached many safety rules, isn't certified and was using non commercial grade equipment, with so much blatant negligence even if it was a hacker "highly unlikely" then the moron flying it should still be taken to the cleaners and be up on many charges from CASA.

Re:Sounds like a RC plane not a drone

[mjwx]

If it's subject to interference caused by someone broadcasting on the same channel and it can't compensate for it by switching channels or in some way authenticate it's control traffic, then it's a poorly designed toy and shouldn't be used commercially.

Reading the article:

"Operators of all unmanned drones used in a commercial capacity are required to be certified.
Neither Mr Abrams nor his business appear on the list of the 92 operators certified nationally."

So it sounds like he should be charged with some form of negligence if that is applicable to Australia. In the US the FAA would also probably be fining him.

Negligence is more heavily punished in Australia than in the US... As such professional indemnity insurance costs a lot over here.

I have no doubt he'll be hearing from CASA (Civil Aviation Safety Authority), Australia's FAA.

Sounds like this is a dodgy operator who's trying to get an amateurish legal defence started from the word go.

Re:Sounds like a RC plane not a drone

[buchner.johannes]

Never had anyone get hit by one. Now they're banned. Sad.

Over a period of eight years, lawn darts had sent 6,100 people to the emergency room. 81% of those cases involved children 15 or younger, and half of those were 10 or younger. The majority of injuries were to the head, face, eyes or ears, and many had led to permanent injury or disability.

http://mentalfloss.com/article...

And one was killed.

Just use plastic ones!

yeah right!

[bloodhawk]

"honest sir I didn't crash it, someone took control away from me", firstly Bullshit. secondly it is your drone, you are responsible for it, if you can't secure it then you should not be using it around people.

Re:yeah right!

[exomondo]

secondly it is your drone, you are responsible for it, if you can't secure it then you should not be using it around people.

thirdly, it should not have been flown within 30 meters of another person.
fourth (ly?), as it was used in a commercial capacity it should have been certified but neither Mr Abrams nor his business appear on the list of the 92 operators certified nationally.

Re:yeah right!

[Opportunist]

And it's a drone that whacked the triathlete. The only thing that doesn't fit well into a /. story is that there's sports outside the e-sports field involved, but, well, you can't have everything.

Now if he fell someone competing in a LOL tournament, that would be the story of the week!

I saw this on HAK5.

[jeek]

http://hak5.org/episodes/hak5-...

Even if you can't issue commands, you can knock out the control chanel.

Re:I saw this on HAK5.

[TubeSteak]

It shouldn't matter if you knock out the control channel.
Remote control [anything] should always be set up to fail in a "safe" manner, for various definitions of safe.

Here's a picture of the aftermath, with someone picking up the hexacopter and its pieces.
The triathlete is on the ground with blood, if you're squeamish about that kind of thing.

What BS

[NewtonsLaw]

Modern 2.4GHz RC gear requires a significant level of tech-expertise to "hijack" in the manner suggested.

Occam's Razor has the answer...

Simple mechanical, electrical or operator failure -- nothing more, nothing less.

Too many would-be "drone" operators have scant understanding of the need for a maintenance schedule and proper planning before deploying even the smallest and most lightweight of craft.

The problem is that far to many people buy these things and then treat them as if they'll just keep working forever -- simply charge the battery and fly!

Unfortunately, props fatigue, motor bearings wear, ESCs can overheat and flight controllers can fail.

There's a hell of a lot more to safely deploying one of these craft than flipping a few switches and wiggling some sticks.

I'm not a commercial operator -- I fly for fun but even *I* am very much aware of the importance of good housekeeping and planning when it comes to using these things safely.

Re:What BS

[AK+Marc]

You didn't either. His points weren't in the article, but weren't contradicted by it either.

Re:If only it were possible to do challenge/respon

In the US, properly designed 2.4 GHz RC radios, at least for model aircraft,
do in fact authenticate control signals. The best of the lot use a
channel hopping technique that is effectively all but totally imune to interference.
I assume that such equipment is available in Australia, and should have been
used.

He probably believes it; he's probably wrong

[harryjohnston]

Reminds me of a student, many years ago, who told me very seriously that hackers regularly broke into his home computer to mess with him. The evidence? Visual Studio (IIRC) kept changing between "inserting characters" and "overwriting characters" when he typed.

I asked if he might be accidentally hitting the Insert key. He had no idea what the Insert key did.

To his credit, when I explained, he acknowledged that this might have been the cause and perhaps there weren't any hackers in his computer after all.

Re:He probably believes it; he's probably wrong

[I'm+New+Around+Here]

After that, you erased all traces of your invasion, and left his computer alone?

Re:He probably believes it; he's probably wrong

[VortexCortex]

I had a similar problem with Visual Studio on XP. Every so often I would be in the middle of coding and it was like someone had hit the page up key: The cursor would jump higher up in the document. I'd stop, take a deep breath, look at my fingers, look across the keyboard at the Page Up key to make sure it hadn't leaped under my hand and just glare at it, sitting there, mocking me innocently, as if it had done absolutely nothing wrong!

It was only mildly irritating at first, by using some Ctrl+Z, Ctrl+Ys to undo/redo the last edits I could place myself back at my last location and continue. But the thing was, it would only happen when I had finally achieved that Zen-like state where one's problem-space has clearly unfolded in one's mind and one's code changes to match one's solution by flowing onto one's screen as a char stream without one explicitly willing one's fingers, then ZERO! Blam, Page Up out of nowhere!

return !this->Fucking( shit.AGAIN ); That damn key was actually trying to screw with me. This was personal. Someone was remote-desktopping me, had to be. Those bastards were tricky though. No remote-assistance session or other VNC in the process list. Maybe it was a custom keyboard hook, maybe the executable was named svchost.exe? All the other processes were accounted for, so I wrote a daemon service to detect & kill that process any time in popped up. Screw it, no one knows what is does anyway, and sure enough it would just keep springing back to life as fast as I could kill it and things would go fine for a little while until They would kill the watchdog service itself! Clever. Girrrl. (If only I had known then what I know now about Windows.)

I disconnected the modem from the Internet. Still happened, so I filled a drive full with a Wireshark log in promiscuous mode to make sure it wasn't coming from inside the network, but I didn't see anything Tooo suspicious... I ventured a cautious query among the tables of nearby_associates, but no rows were returned. They scarcely acknowledged the sin occurred. Maybe I was inadvertently activating some context sensitive pop up. So, I managed to catch the behavior via desktop recorder. No pop-ups detected, and still no one believed me. Were they right? Was hitting the Page Up key accidentally? No, that was impossible. Like the safety mechanism on a nuke's big red button, a taped-on cardboard cover now had to be flipped up prior to activating the devil's key. Subconsciously then? I didn't feel crazy, but I hear the insane never do... It was a risky decision, but I disassembled the laptop keyboard, purged that horrific underworld of unspeakable abominations, and still the terror remained. No it wasn't me, it was a Rootkit. Had to be. I restored to increasingly older drive images, no dice. Reformatted, reinstalled everything, setup the build environment again, and the rogue Page Up still haunted me!

If I took my time and breaths evenly and carefully entered code nothing would happen. This snail's pace wouldn't do for productivity though. As soon as I got into the groove Wham! Slammed right up-side the screen again. I couldn't get anything done. I didn't know how They were doing it, but They couldn't be watching always, so I tried coding at odd hours, through lunch time, at 9pm, midnight, 3am. I broke. I didn't even accuse anyone; I just offered to pay off whichever of my colleagues or friends was doing this heinous prank. Well, what do you know? My younger brother finally confessed after I bribed him a Benjamin to ID the culprit. Little script-kiddie asshole... He was Lying! "JesusChrist, Man! It wasn't me!", he admitted the next day after I gave him what was to become known as the Serial Stare.

I became vaguely aware that the infuriating Page Up's trigger followed a pattern. The exact cause u

A likely story

[Brett+Buck]

I have been flying model airplanes for 50ish years now, and in that time, I have never ever heard of any RC pilot crashing due to pilot error. In every single case, it was "radio failure"

Re:A likely story

[gmhowell]

In an unrelated story, there are no guilty men in jail.

Pilot Made Multiple Errors, "Hacking" Claim Is BS

[ausoleil]

Multicopter pilot here. In short, it looks like the pilot was a hobbyist out of his depth and was performing dangerous maneuvers before any so-called hacking with equipment not meant for the job.

I don't know a lot about the specifics of the accident, but the multicopter that was involved in the accident was using a very outmoded form of technology to control the multicopter (wifi) rather than the far more reliable multichannel failsafe 2.4GHz DSMX systems that are in common use with bigger multicopters. While it may be possible to "hack" the signals controlling the 'copter, it's more likely that the control loss was due to RF interference, either by purpose or accident. I would imagine that a sporting event such as the one where the incident occurred would be awash in wifi signals from dozens if not hundreds of sources.

Secondly, the multicopter pilot was doing something that experienced pilots / cinematographers strongly avoid: flying directly over people. Even the best control systems and multicopters can malfunction, and hovering over a crowd is obviously a bad place for that to happen.

The type of multicopter also gives away the apparent lack of skills or experience of the pilot. Parrot AR 'copters are not professional-grade equipment and they are not devices that someone who earns a good bit of money from aerial filming would use.

(note: apologies for a double post, I forgot to log in to post this reply.)

As a pilot, you are ALWAYS responsible

[Jinker]

While learning to fly full scale airplanes it was drilled into me over and over, it is *always* the pilot/operators responsibility.

You either screwed up, or failed to ensure you were using reliable equipment, or failed to account for uncertainties in how you operate it.

Running what is essentially hobby hardware (radios, speed controls, batteries etc.) over top of people is just plain irresponsible.

"Oh, but I haven't crashed before."

Yeah, until you do.

Re:If only it were possible to do challenge/respon

[Opportunist]

Frequency hopping RC radios are pretty much the standard today among model plane enthusiasts. My dad happens to fly them and IIRC the freq hopping technology went into mainstream a good decade ago, as far as I know you can't even get "old school", fixed-channel controls anymore. It's also low-tech-person compatible technology (my dad most definitely is one), you simply press a button on both sender and receiver to "attune" them and you're set.

The technology is also quite tamper proof. Short of full frequency spectrum static flooding, there is very little you can do to disable communication between sender and receiver, let alone "take over" control of such a plane.

Of course, I don't know what the current tech standard for drones is like. I would have thought, though, that the standard would be higher than it is for toys.

Hacked?

[dozr]

So apparently when I switched the channel on my walkie talkie I was hacking, damn I am such a bad ass.

Re:If only it were possible to do challenge/respon

Depending on the model of drone, NO IT IS NOT
The parrot AR drone in particular has no security, and you can't add any ontop of it (We've tried, and it wants to be a black box, and me trying is why posting as AC)

Many of the drones out there are NOT meant to be tinkered with, and I haven't yet seen one (non military) that has any level of encryption at all or really even authentication...

The first good drone that runs something like the Google Android that is going to be for ultra low energy use for smart watches, etc that is suppose to be coming out this summer... or something similar will probably be the first reasonably priced drone with any decent encryption, let alone tinkering

... badabom

[emj]

Thats the same kind of person who blaems typos on there keyboard.

I see what you did their!

Re:... badabom

[Richy_T]

Your not helping things.

Re:If only it were possible to do challenge/respon

[gl4ss]

arducopter + android otg.

pretty cheap and you can build anything you want to it, security etc.

but most importantly have the failsafe mode to not crash down straight like a rock.

Maybe he just isn't a very good pilot

[viperidaenz]

Warren can also fly but admits he’ll never be able to manipulate the controls as well as a younger person.

http://www.sciencewa.net.au/to...

Re:If only it were possible to do challenge/respon

[Platinumrat]

But what kind of person is going to research all the information needed to fly and operate a drone safely. Mostly, they'll buy the cheapest unit that the retailer sells them.

The fact that he crashed it, is likely to put him into trouble, especially since he was using it for commercial purposes. In Australia, a license is required to operate a UAV commercially, with adequate certification of the pilots.

From the Civil Aviation Safety Authority (CASA).

1. It's Illegal to fly Remotely Piloted Aircraft for money or economic reasons...

2. You must not fly closer than 30 meters to vehicles, boats, buildings or people

3. FPV flying is illegal without an Advanced Amateur Radio License

....

I guess he's in a lot of trouble.

Re:If only it were possible to do challenge/respon

[Platinumrat]

1. [...] without a license

Re:The Pilot Was Far Out Of His Depth

[Alioth]

Unless it specifically says WiFi, it's not WiFi and not even remotely like WiFi. Most 2.4GHz radio control gear is quite different to WiFi. It doesn't use ethernet packets or the ethernet protocol, it uses modulation and packet protocols that are specifically designed for real-time radio control. Unlike WiFi it is designed purely for point to point with one end a transmitter and the other end a receiver (not bidirectional) and with only one transmitter and one receiver bound to each other at any one time. Short of jamming the entire frequency band it's not trivial to take over something like Spektrum DSMII (certainly a lot more difficult than WiFi since to bind a receiver to a transmitter requires a physical programming step using a programming 'plug').

Re:Laughable CYA Maneuver

[Lumpy]

The Parrot AR is known to just fail on it's own. It is a steaming pile of crap. It freaking uses ultrasonics to check altitude, making it unreliable as hell, and to avoid the complaints from the 1.0 of devices flying away on them the firmware was changed to cut power and drop like a stone if they lose ground reference.

I spent a summer fixing and hacking on one. They are complete crap. I cant believe that anyone would buy one and keep it.

Re:If only it were possible to do challenge/respon

[blueg3]

They're replayable.

Re:If only it were possible to do challenge/respon

[Max+Littlemore]

In Australia it's illegal to fly a UAV within 30 meters of a human. This donkey was using an iPad to fly it 10 meters above the track. Even if quality radios are available here (of course they are) it sounds like he's a 'creative' type with little regard for anything without a brand name he reckognizes, physical reality or the law.