Slashdot Mirror
Drone Maker Enforces No-Fly Zone Over DC, Hijacking Malware Demonstrated
An anonymous reader writes A recent incident at the White House showed that small aerial vehicles (drones) present a specific security problem. Rahul Sasi, a security engineer at Citrix R&D, created MalDrone, the first backdoor malware for the AR drone ARM Linux system to target Parrot AR Drones, but says it can be modified to target others as well. The malware can be silently installed on a drone, and be used to control the drone remotely and to conduct remote surveillance. Meanwhile, the Chinese company that created the drone that crashed on the White House grounds has announced a software update for its "Phantom" series that will prohibit flight within 25 kilometers of the capital.
why was the government employee even flying the drone at 3AM?
What a cute solution. Of course nobody can install their own software ...
What if you live, say, 20 miles from the capital? If that happened in London it would stop about *15% of the UK population from being able to use one! Perhaps that malware will be useful in re-enabling the damned things!
*I guessed that, but I think it's close.
Isn't the airspace around the capitol restricted? I guess you were never allowed to use it there.
To many people drones are military. That is the reason they are called quadcopters or the like.
So I was a bit surprised to learn that the drones were made in China, as I associate them with military devices.
Using model planes or quadcopters without a GPS is the standard, so these have NO idea where they are flying, yet can be easily flown long distance with goggles.
Don't fight for your country, if your country does not fight for you.
Cute the wire to the on-board GPS receiver...
Somehow this reminds of photocopiers refusing to copy things which resemble some random selection of paper money bills.
Sooner o later our whole civilization will go down in a huge steaming mess of stinking Rube-Goldbergness. A perverse variation on Dr. Strangelove's theme.
Looking forward to the showdown. Will be interesting, if somewhat messy.
The following patch will be to fix a piece of joke malware that makes the drone believe its ALWAYS within 25km of DC
(but it won't work)
Yea lets start hacking drones and mass remote controlling them. That could never go wrong.
Thank you, Bradley Manning, Edward Snowden and so many others, for courageously defending humanity, my freedom and more!
Possibly the PLA has the Chinese company's "Plutonium" series for use within 25 miles...
Stop the engine when crossing that invisible fence? A U turn? Holding position?
Um. Doesn't that kind of suck balls if you live in DC and want to (perfectly legally) fly your drone somewhere that isn't the White House?
the firmware can be altered... they're not hardcoding that.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
A simple solution would be to add a receiver that picks up a 'NO FLY ZONE' notice that embeds a set of GPS coordinates defining the boundary and a digital certificate. Small transmitters can be located at a site on an ad-hoc basis, or a more formal system can download a list for city or region.
That should keep everyone happy.
>. Either way a lot of large metro areas already have limits on flying a drone in urban areas, either from federal or municiple laws.
Yeah there's a federal law that covers "populated areas". The law passed by Congress gives the FAA authority to make rules regulating airspace. As I recall, for model aircraft the FAA rules reference (or incorporate verbatim?) the rules of the Academy of Model Aeronautics, the primary hobbyist association*. The AMA bars flight over populated areas, encouraging people to find a cow pasture IR something.
* It may seem odd that a private club has effectively been given authority to make law, but it has worked quite well for 60 years or whatever. The hobbyists have made good rules for themselves. This is analogous to the other AMA, where doctors make rules for themselves and any doctor violating these generally accepted standards is likely to lose any court case.
What is the security risk posed by small drones?
In your explanation please include "Drones are better than mortars at delivering explosives because..." and "Drones are better than high power telescopes because..."
For anyone who wants details, the AMA safety code is here:
http://www.modelaircraft.org/f...
They also have documents describing their agreements with the FAA:
http://www.modelaircraft.org/d...
Much Ado About Nothing.
I heard about agenda 21 back when Ron Paul was running for president, so... No: I didn't.
TFA makes it clear that this is NOT just for Washington DC & not just for hobbyists
The FAA has a list of flight restricted zones where all aircraft are restricted unless explicitly authorized. Phantom already partially respected these regulations but are just tightening up a number of omitted areas.
Democracy is a sheep and two wolves deciding what to have for lunch. Freedom is a well armed sheep contesting the issue
I didn't know that. It actually bothers me that they would intentionally make their product un-flyable in areas to 'prevent' me from breaking the law. Is it a law that they have to do it? I'm looking at car manufacturers: how would people feel if they governed their cars to the posted speed limits on the roads? A lot more analogies can be drawn. I'm not surprised that a Chinese company took this route: it's par for the course in China to be under the governmental thumb.
Interesting. I was confused by this since I was taught as a kid that The Hague was the capital of the Netherlands and, if Wikipedia is to be believed, that is still where the government sits even though it seems that Dutch law defines Amsterdam as the capital (which was something I'd never heard of until today). So apparently at least in the UK we used to be taught based on the definition of capital, i.e. where the ruling government presides, and not whatever local laws would like to call a capital.
Well aren't there loads of RC Quadcopters that don't need any GPS to fly around?? So this wont stop from any one who wants to do "things" in or around the capital.
Geofencing? That's even more annoying than regular DRM: "I'm sorry sir, you happen to live in a random no-fly zone, your product will refuse your instructions until you move to an approved place."
Such a mal-feature encourages buying a product without it.
What is the difference, for these small toys, of them being remote control vehicle vs a drone?
Is it a law that they have to do it?
No, this is them annoying some of their customers (people who want to fly illegally in the DC no-fly zone) in an attempt to preempt knee-jerk over compensating by federal authorities. The feds would rather just ban the devices entirely, period.
Don't disappoint your bird dog. Go to the range.
For the last 50 years people have had remote control aircraft. It's been simplicity itself to 'hack' them simply by using a stronger radio on the same channel. Even 20 years ago you could send them on 'autopilot' using relatively cheap gyros. Now suddenly after calling them 'drones' and a midnight drunken showboating excursion everything changes?!?!??? I'm really surprised they haven't been banned yet and anyone who purchased one branded an evil turrust! Won't someone please think of the children (in the government)?
What if you live, say, 20 miles from the capital? If that happened in London it would stop about *15% of the UK population from being able to use one!
And what is your point? Are these people who so desperately want to fly a drone incapable of driving a few miles to an area without restricted airspace?
Fact is while there are plenty of innocent reasons to want to fly a drone, there are virtually no innocent reasons to *need* to fly a drone. Particularly that close to sensitive airspace.
It may seem odd that a private club has effectively been given authority to make law, but it has worked quite well for 60 years or whatever.
It's nothing unusual at all. To give another example Congress granted the SEC delegates authority over accounting standards to the Financial Accounting Standards Board which is not a governmental agency but rather is an association of professionals tasked with setting accounting standards for public companies. And they do a very good job of this task. (I'm a certified accountant so yes I would actually know) If they failed in it the SEC could take the responsibility away at any time and by using this group the public gets better results for less money.
This is analogous to the other AMA, where doctors make rules for themselves and any doctor violating these generally accepted standards is likely to lose any court case.
The AMA is a bad example because they are fundamentally a lobbying group for physicians. They do not have any formal rule making authority that I am aware of delegated to them by the government.
Actually, this model is pretty widely used. The FAA and the ARRL (American Radio Relay League - amateur radio) work closely together and the ARRL is even responsible for first line enforcement. I'm not sure the AMA is a good example at all since it really doesn't make any broad rules of conduct other than some weak ethics rules. Remember, AMA enrollment in the US is, and has been, below 50% for a very long time. The FAA works closely with a number of industry and private groups including 'hobbyist' pilots (and then goes on to ignore everyone including themselves, but we are talking about the FAA).
But various government agencies do often work with outside groups on an effective basis. Sometimes for the benefit of society, sometimes not.
Faster! Faster! Faster would be better!
Ok, so I am fine with the manufacturers installing firmware updates that restrict a drones use in restricted areas like airports, government buildings and property, etc. But this isn't going to stop anyone with basic rudimentary computer skills from simply replacing the firmware with another one. Or building a drone from a kit where they have complete control of the components.
Oops. TMA (Too Many Acronyms).
AMA = Academy of Model Aeronautics as well as the American Medical Association.
You made need additional caffeine to distinguish the two in the last couple of posts.
Faster! Faster! Faster would be better!
I didn't know that. It actually bothers me that they would intentionally make their product un-flyable in areas to 'prevent' me from breaking the law. Is it a law that they have to do it?
Why should it bother you? What is it preventing you from doing that you would otherwise do? You have no actual need to fly a drone near the white house or in other restricted airspace. Given the safety concerns involved what you want (versus need) to do is pretty much irrelevant unless you can articulate a coherent reason for what you hope to accomplish. And for the record, no we should not by default trust you or anyone else to necessarily make good choices in this matter. I'd certainly be willing to listen to good arguments in favor of flying in controlled airspace but I doubt there are any.
I'm looking at car manufacturers: how would people feel if they governed their cars to the posted speed limits on the roads?
Probably annoyed but for a very different reason. We have nearly 100 years of history of the public being able to control the speeds of their cars but the consequences of that precedent are very different and well understood. Very few people have actually piloted an aircraft, manned or unmanned.
I'm not surprised that a Chinese company took this route: it's par for the course in China to be under the governmental thumb.
Not really so different here. People have this illusion that the government in China is this all pervasive authoritarian entity but in reality it has less control than most westerners realize. Conversely, the US government is more pervasive and intrusive than most people seem to be willing to acknowledge. That's not always a bad thing but it definitely causes problems sometimes.
That only works in GPS mode unless they've changed it. There's still atti and manual modes.
It's pretty common for GPS drones to include no fly areas like airports and military bases. Obviously that's primarily in place to stop someone accidently causing a plane crash, as anyone intentionally trying to do so would find it trivial to get round the restriction. I don't think there's anything wrong with that. I don't want to fly my drone into those areas, and if I did for some very niche reason then I could intentionally subvert it. Blocking out hundreds of square KMs of land because a drone was found near an important persons house is utterly retarded.
That's a pretty wide swath to cut out for your equipment. It's a pretty densely populated area. A 25 km no-fly zone means people in nearby cities Alexandria & Arlington, Virginia, and Bethesda, Maryland wouldn't be able to fly these things. That's just 3 I spotted eyeballing the map.
Taking guns away from the 99% gives the 1% 100% of the power.
No, this is them annoying some of their customers (people who want to fly illegally in the DC no-fly zone) in an attempt to preempt knee-jerk over compensating by federal authorities. The feds would rather just ban the devices entirely, period.
The Feds will do so anyways, so I don't see why the manufacturer is even bothering.
"Unheard of means only it's undreamed of yet,
Impossible means not yet done." ~~ Julia Ecklar
Gives a new meaning to DRM - Drone Rights Management.
You wouldn't steal a drone, but I would download a hack to let me fly it wherever I want!
"the rules of the Academy of Model Aeronautics, the primary hobbyist association*. The AMA bars flight over populated areas, "
I'd bet that 99% of people who have bought a drone in the last 3 years never had any involvrmrent with R/C aircratf before, and never heard of that AMA
"encouraging people to find a cow pasture IR something."
A cow pasture infrared? WTF
I don't think the farmer wants you disturbing his cows
There's no 'need' to consume alcohol, play team sport, have foods with added sugar, own a car, or have the internet either. It's idiotic to look at laws restricting things on the basis that there is no 'need' for the thing they restrict.
It's not at all idiotic to look at need versus wants when public safety concerns are involved. We do it all the time. Every single example you cite (particularly alcohol) has laws relating to balancing public needs versus private wants. Should we permit you to drive drunk just because you want to? You certainly have no need to do so. You might need to own a car but that doesn't mean your needs and wants are free of restrictions. You don't need to own a car without a muffler and so we restrict your ability to own/operate one on public roads. If you want to live in a civilized society you constantly have regulate genuine needs versus wants. You might need a car but you don't need one that is demonstrably unsafe to those around you.
We restricted the airspace in various places for very good and practical reasons. If you think a specific bit of airspace should be unrestricted then by all means petition your government to un-restrict it. However you apparently have no argument for why we should permit drone in restricted airspace beyond mere desire which is not sufficient.
"Meanwhile, the Chinese company that created the drone that crashed on the White House grounds has announced a software update for its "Phantom" series that will prohibit flight within 25 kilometers of the capital." - until the Chinese government decides otherwise...
You haven't lived in/around DC. Driving a few miles can be quite the chore. 8 miles can easily mean 1-2 hours.
Yes I have spent plenty of time in and around DC. No I don't give a shit if the traffic is bad sometimes. I particularly don't give a shit if it interferes with your ability to legally fly a drone regardless of purpose. If it is that important to you then figure out how to do it in unrestricted airspace.
"IR" should of course be "or".
And definitely get permission from the owner of the pasture or join your local club, who leases a pasture-like area for a few hundred dollars per year.
All one would have to do to get around this is to not update the software And most don't bother updating anyway,
Total disclosure: I've worked on Soft Walls.
There was discussion on Slashdot about the Soft Walls Project that did something similar for airplanes. See the 2011, 2004 and 2003 discussions.
I believe that there was a demo involving an airplane at some point. It turns out that one of the interesting things is how to you define a blending function that makes it harder and harder for the device to fly in to the no fly zone.
Yeah, drones are different, and I'm not sure of the value of having no fly zones for drones, but it will probably happen some day.
In this case, a no-fly zone in DC might have prevented drunken late night operation and crashing of the drone and we would have some other news item to discuss.
There is Soft Walls FAQ that covers common objections for airplanes.
True, now I know which drone mnfctr to avoid.
As I recall, for model aircraft the FAA rules reference (or incorporate verbatim?) the rules of the Academy of Model Aeronautics, the primary hobbyist association
Not true, though they are pretty similar in some respects.
Also note that the current FAA "rules" (FAA Advisory circular 91-57 - Model Aircraft Operating Standards) is *advisory* -- it's not mandatory. It's not a set of rules at all, just guidelines. It encourages "voluntary compliance".
The AMA bars flight over populated areas, encouraging people to find a cow pasture IR something.
The AMA rules (not binding, but they can refuse to pay insurance claims if you violate them) say that you will not fly RC planes "directly over unprotected people, vessels, vehicles or structures". Not quite the same as you put it -- flying in a populated area is fine, as long as you aren't flying directly over people and aren't flying in a careless or reckless manner.
It may seem odd that a private club has effectively been given authority to make law
Again, it has not. The AMA rules are even *less* restrictive than the FAA circular in one way -- the AMA rules say not to fly over 400 feet near an airport without notifying the airport, and the FAA suggestions say not to fly over 400 feet above the surface, period. And note that R/C pilots, especially those flying gliders, fly over 400 feet quite often.
any doctor violating these generally accepted standards is likely to lose any court case.
Now, that part rings true ... the AMA safety code is basically the industry standard and if you're sued for hurting somebody, not following those standards will hurt you in court.
And indeed, it seems that whatever new *mandatory* standards the FAA comes up with be largely influenced by the AMA safety code ... but we are not there yet.
To expand on the other post I just made, it's quite interesting the dangers that the R/C hobby has encountered lately.
A few decades ago, young people stopped getting into the hobby largely due to video games and so the average modeller was getting older and older.
R/C sites have always been at risk from encroachment by new neighbors who don't like the noise. This effect has nearly decimated general avaition airports over the last many decades and it continues.
But then electric planes came, greatly improving the noise situation. Still, fields are always being lost and created.
Then the park flier came ... this helped bring the casual flier into the fold and many youth. It also meant that people were often flying in parks and baseball fields rather than formal fields -- not really a risk to the hobby (but a big risk to the AMA itself, as these flyers don't need the AMA!), but a pretty big change.
But now it's the rise of the FPV plane (well, they're still relatively rare) and especially the semi-autonomous (sometimes, usually not) quadcopters with cameras. These things are bringing all sorts of people to the hobby, interested in flying and photography, but people are all riled up by the idea of these being used to take pictures of them, and so the models are being banned all over the place, laws enacted, etc.
And people fly them in places where models generally weren't normally flown in the past (to take pictures) and then something happens and it's all over the news and lawmakers have knee jerk reactions and ban things.
It's a good time for the hobby -- lots of new things to do, new technologies to play with -- but it's a bad time for the hobby, with the hammer coming down and lots of new regulations appearing. The AMA is fighting the good fight, but I think they're going to ultimately lose, and the FAA and local governments will continue to greatly restrict the hobby -- it'll be done in the name of safety, but the reality is that it'll mostly be about preventing photography.
On the bright side, they will probably open some ways for commercial use of unmanned aircraft with lots of red tape associated with that -- so that's good that they allow that, as it wasn't allowed at all before, but the red tape is likely to be as heavy or even heavier than that associated with full scale manned aircraft.
Thanks for the clarification. As I mentioned, I was going from memory of what I'd read many years ago.
If these people want to fly unidentified drones in airspace within someone's backyard at any time of day or night, it should come as no surprise that law abiding citizens or not may take that as an opportunity for some interesting target practice as well as some much needed hacking of the control sticks. All your drones are belong to us. At least in America, we have the 4th amendment to assure that no unreasonable searches and seizures can be conducted remotely by spy aircraft. Right?
In this particular case, DC IS a no fly zone, at least since 9/11. There was talk in this area shortly after that happened to the effect of any plane flying into that region could be shot down if they were unable to identify it or if it failed to respond. This came directly from the pentagon impact as they saw that plane coming in, and tried to get it to respond, and by the time they would have shot it down, it was already too late as the decision process took too long.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Fellow users, i found a very interesting site where i can buy virtual credit cards to verify paypal ebay, amazon and others! www.anondebitcard.com they have a coupon running for 1st time customers: newcust10 Use this when checking out to receive 10% discount on any of their products
There is a radio controlled flight club for the DC area, which operates out of Gaithersburg (really not that far a drive from DC proper).
http://www.dc-rc.org/
Now that DJI has demonstrated that they can prevent the users of their product from operating in a specific area, every celebrity/wealthy homeowner/government official is going to want their very own NFZ. Even if the laws are nebulous (outside of the specific national-security ones in D.C.), they'll keep coming back in civil court until DJI and the other GPS-controlled drone makers give in. Can't ban drones in National Parks - just force the company to add them to the default NFZ. Don't want paparazzi flying drones over your estate? File a suit claiming that the mfg is implicit in invasion-of-privacy for failing to block it.
Just watch - it'll happen sooner than you think. Pretty soon, the only place you'll be able to fly a drone is inside your own house, with the curtains closed.
The FAA and the ARRL (American Radio Relay League - amateur radio) work closely together and the ARRL is even responsible for first line enforcement.
That is complete nonsense. ARRL has no enforcement authority for anything, either with the FAA (why would it?) or the FCC (which is what I think you meant.)
The ARRL is a VEC (volunteer examiner coordinator) which gives them a pipeline into the ULS (uniform licensing system) database for licensing, but they have zero enforcement function. They aren't a frequency coordinator so they don't even get authority to resolve interference issues.
The ARRL can notify hams of alleged rule violations all they want (through the OO -- official observer -- program), but they cannot demand a response nor can they tell hams to stop doing anything. They cannot show up on a ham's doorstep demanding access to the "station" or its records. They have no more power in that area than anyone else -- including your next door neighbor. They're a lobbying group when it comes to regulation of amateur radio. That's all.
Hell yea! Now how do I add my house to this list? Can we just come up with a global "Shooo!" protocol? Upon recieving packet, mark it on the no fly zone list, or do we each individually have to fly our own drone blasting drones? If that's the case, can we just make it legal to shoot drones instead? I mean as if it wasn't annoying enough to have people walking around snapping pictures of everything, now it's automated? Hell, we even have a selfie drone service, and unfortunately in the part of VA I'm at, no projectiles of any kind are allowed. So my solution is going to have to be a SUPER LONG stick, with a Mickey Mouse hand stapled on it and swat those f#$!@s above my land.
Some of us are really pissed the at FAA by NOT making clear and legal rules for drones have already killed the nascent industry.
The FAA was using law enforcement to stop people from breaking "voluntary guidelines", in an obvious pilot protection scheme. They effectively made it illegal to photograph professionally using a drone regardless of safety. Hollywood just blatantly breaks the "law" (an undemocratic glorified memo) it's so fucking stupid.
There are so many layers of stupid in this story, it's hard to address one of them without the embarrassing feeling that someone might read a rebuke of one stupidity, and take it as an implicit acceptable of the rest of the stupidity that you didn't address. If you argue too hard that Yog-Sothoth made a mistake in designing camels, somebody might think you're a creationist.
From the point of view of a malevolent user who intends to use the device to harm someone, why would they want your malware?
From the point of view of a benevolent user, why would they want your malware?
What will happen in the marketplace, if a benevolent user is persuaded to run your malware and then has a problem and finds out that it was due to the malware?
What's so special about the security needs of people in a capital, compared to people everywhere else? And is this special need, really a function of where they happen to be at a moment, or is it based on what their powers and responsibilities (and presumably, replacement cost) are?
I am leaving a few dozen obvious things out because it's tiring to enumerate. That my original point: don't think that just because I missed a totally-obvious way that the idea is stupid, as meaning I would debate one of these points from the premise of accepting a lot of other stupidity. It's not even something I disagree with or think is a bad strategy or an us-vs-them thing. It's just a totally dumb idea, a loser no matter how you look at it and no matter what your agenda is.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
25km? So I can't fly over the Potomac just upstream of DC? That's a bit ridiculous.
A small drone as a significant risk to the White House? Not. A sniper or a rocket attack on Marine One would be more likely. They acknowledge it, but I think they play down the sniper risk to keep from giving more crazy people ideas.