Slashdot Mirror
Drone Maker Enforces No-Fly Zone Over DC, Hijacking Malware Demonstrated
An anonymous reader writes A recent incident at the White House showed that small aerial vehicles (drones) present a specific security problem. Rahul Sasi, a security engineer at Citrix R&D, created MalDrone, the first backdoor malware for the AR drone ARM Linux system to target Parrot AR Drones, but says it can be modified to target others as well. The malware can be silently installed on a drone, and be used to control the drone remotely and to conduct remote surveillance. Meanwhile, the Chinese company that created the drone that crashed on the White House grounds has announced a software update for its "Phantom" series that will prohibit flight within 25 kilometers of the capital.
why was the government employee even flying the drone at 3AM?
Somehow this reminds of photocopiers refusing to copy things which resemble some random selection of paper money bills.
Sooner o later our whole civilization will go down in a huge steaming mess of stinking Rube-Goldbergness. A perverse variation on Dr. Strangelove's theme.
Looking forward to the showdown. Will be interesting, if somewhat messy.
The following patch will be to fix a piece of joke malware that makes the drone believe its ALWAYS within 25km of DC
(but it won't work)
the firmware can be altered... they're not hardcoding that.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
>. Either way a lot of large metro areas already have limits on flying a drone in urban areas, either from federal or municiple laws.
Yeah there's a federal law that covers "populated areas". The law passed by Congress gives the FAA authority to make rules regulating airspace. As I recall, for model aircraft the FAA rules reference (or incorporate verbatim?) the rules of the Academy of Model Aeronautics, the primary hobbyist association*. The AMA bars flight over populated areas, encouraging people to find a cow pasture IR something.
* It may seem odd that a private club has effectively been given authority to make law, but it has worked quite well for 60 years or whatever. The hobbyists have made good rules for themselves. This is analogous to the other AMA, where doctors make rules for themselves and any doctor violating these generally accepted standards is likely to lose any court case.
For anyone who wants details, the AMA safety code is here:
http://www.modelaircraft.org/f...
They also have documents describing their agreements with the FAA:
http://www.modelaircraft.org/d...
Ok, I'll give it a go:
Drones are better than high power telescopes because... you don't need line of sight. A Drone can go over hedges/bushes/walls, or round corners. Things that would render a telescope useless. Drones can also theoretically go inside buildings.
Also, if you spot someone watching you with the telescope, you can see who is doing it (just look back at them with your own optics). The drone operator could be inside a building, or someone over the internet. You could not easily work out who was the operator just by looking at the drone itself.
(on the flip side, people are less likely to notice someone 500m away with a telescope than a drone buzzing above you).
Drones are not better than mortars, but they make for very good artillery spotters, giving you GPS co-ords to calculate trajectory for your target, again without the target risking finding out who is behind it.
You can't "perfectly legally" fly an unmanned aircraft in an unmanned aircraft no-fly zone.
Got them moderator blues I blieve I walk out the do', With these mod-points I been gettin', I 'most never post no mo'
Also, as the drone has to compensate for wind, the drone can tell you what the wind strength is, so you don't have to estimate it from sighting a tree.
Got them moderator blues I blieve I walk out the do', With these mod-points I been gettin', I 'most never post no mo'
I didn't know that. It actually bothers me that they would intentionally make their product un-flyable in areas to 'prevent' me from breaking the law. Is it a law that they have to do it? I'm looking at car manufacturers: how would people feel if they governed their cars to the posted speed limits on the roads? A lot more analogies can be drawn. I'm not surprised that a Chinese company took this route: it's par for the course in China to be under the governmental thumb.
In the Washington DC area, flights of any kind are and have been for many years very severely controlled. The DC Flight Restriction Zone (the "DC FRZ") is a 30-mile-wide circle in side of which it is illegal to fly any sort of remote control device of any kind at any altitude. So, yes, it sucks to be in the suburbs, seemingly a long way away from the sensitive downtown areas that include the White House, the Capital, Reagan Airport, the CIA campus, and all of those other high-profile places and people ... but, too bad! Federal offense with stiff fines and possible jail time if you're caught. That includes kids with $20 bought-it-at-the-mall 6" pink plastic helicopters playing around in their back yard. Yes, it's ridiculous.
On the other hand, it's a rare week when a trio of big helicopters doing runs like the one between the White House and Camp David don't go thundering over the tree tops of suburban Maryland. You can hear them coming quite a ways out, and if you were prepared, you could easily have a modest quadcopter or more substantial hexa up to over 1000' feet and be at the same altitiude as (or above) Marine One by the time it and its decoy siblings flew directly over your house on the way to a routine presidential golf outing. That's the sort of thing that has had the DoD, Secret Service, HSA, and FAA all uptight. Mind you, a person flying a more or less radar-invisible foam and plastic RC plane could have done that many years ago, too.
And so we have a 700 square mile area where flying a 3-pound DJI quadcopter is very, very illegal, and has been for years. That DJI is updating their GPS-aware flight control firmware to make it impossible to fly their devices in that area is a sign that they don't want their products to be simply banned outright. We are not at the sweet spot of rational rules and implementation on this one, not even close. And of course someone with true mal intent isn't going to be bothered by the rules or the firmware limitations anyway.
Don't disappoint your bird dog. Go to the range.
What is the security risk posed by small drones? In your explanation please include "Drones are better than mortars at delivering explosives because..."
Because a drone can autonomously delivery a brick of C4 to within a meter of where you want it to go on your first try. And you can be miles away while it does that. "Miles away" is also handy if you're using it to deliver an aerosoled nerve agent or some bio-nasty substance over, say, a presidential press conference in the Rose Garden, or a speech on the steps of the Capital.
Don't disappoint your bird dog. Go to the range.
For the last 50 years people have had remote control aircraft. It's been simplicity itself to 'hack' them simply by using a stronger radio on the same channel. Even 20 years ago you could send them on 'autopilot' using relatively cheap gyros. Now suddenly after calling them 'drones' and a midnight drunken showboating excursion everything changes?!?!??? I'm really surprised they haven't been banned yet and anyone who purchased one branded an evil turrust! Won't someone please think of the children (in the government)?
What if you live, say, 20 miles from the capital? If that happened in London it would stop about *15% of the UK population from being able to use one!
And what is your point? Are these people who so desperately want to fly a drone incapable of driving a few miles to an area without restricted airspace?
Fact is while there are plenty of innocent reasons to want to fly a drone, there are virtually no innocent reasons to *need* to fly a drone. Particularly that close to sensitive airspace.
You're hired. Or under arrest.
Things are so confusing these days.
Faster! Faster! Faster would be better!
Better be sure to turn off the 'return to me' function on some drones otherwise you'll think you're Wiley E Coyote in a RoadRunner episode.
True except for one issue. They are bloody noisy. So if any covert operation is the goal and you don't have the many MANY thousands of dollars needed for a drone capable of imaging from high altitudes with long focal lengths it will be painfully obvious that someone is looking.
A telescope however is often very discrete.
That only works in GPS mode unless they've changed it. There's still atti and manual modes.
It's pretty common for GPS drones to include no fly areas like airports and military bases. Obviously that's primarily in place to stop someone accidently causing a plane crash, as anyone intentionally trying to do so would find it trivial to get round the restriction. I don't think there's anything wrong with that. I don't want to fly my drone into those areas, and if I did for some very niche reason then I could intentionally subvert it. Blocking out hundreds of square KMs of land because a drone was found near an important persons house is utterly retarded.
That's a pretty wide swath to cut out for your equipment. It's a pretty densely populated area. A 25 km no-fly zone means people in nearby cities Alexandria & Arlington, Virginia, and Bethesda, Maryland wouldn't be able to fly these things. That's just 3 I spotted eyeballing the map.
Taking guns away from the 99% gives the 1% 100% of the power.
"Drones are better than high power telescopes because you don't need line of sight"
I think you're severely overestimating the capabilities of these commercial, civilian quads. The camera in the Phantom 2 Vision+ is a 12MP, 1080p fisheye lens, very similar to a GoPro 3. You're not getting the optics of a high-power telescope.
DJI's new line, the Inspire One, has a 4K camera, which I guess allows for better quality, but you're still not zooming in. These things are loud, you're not using them for invading someone's privacy without them knowing.
[DISCLAIMER: This post is a work of satire and should not be misconstrued as a holy text upon which to base a religion.]
How big is your brick? While there are hexa- and octocopters that can carry a couple of pounds (which are big and conspicuous spider-looking things), the payload of the DJI Phantom line is measured in low-double-digit grams.
Maybe it can deliver a targeted chemical payload (so can RC planes), but I think explosives would be a little difficult.
[DISCLAIMER: This post is a work of satire and should not be misconstrued as a holy text upon which to base a religion.]
Total disclosure: I've worked on Soft Walls.
There was discussion on Slashdot about the Soft Walls Project that did something similar for airplanes. See the 2011, 2004 and 2003 discussions.
I believe that there was a demo involving an airplane at some point. It turns out that one of the interesting things is how to you define a blending function that makes it harder and harder for the device to fly in to the no fly zone.
Yeah, drones are different, and I'm not sure of the value of having no fly zones for drones, but it will probably happen some day.
In this case, a no-fly zone in DC might have prevented drunken late night operation and crashing of the drone and we would have some other news item to discuss.
There is Soft Walls FAQ that covers common objections for airplanes.
gps modules almost always use low speed serial (ttl) comms.
it would be trivial (50 lines of C code, maybe much much less) to have a cpu (even attiny) in the middle between the gps module and the rest of the brain. when the x,y values come back and its inside a 'nfz' it could easily be remapped (in simple ascii) to NOT be in nfz. perhaps if you are near a nfz, it would go into auto-offset mode and add a fixed x,y value so that it thinks its miles away. then you compensate for it at the ground level when you program its course.
would not be hard at all.
waste of time to try to disallow x,y values for things like this. anyone here who spent a few weeks on even a simple arduino could do this remapping in an afternoon.
--
"It is now safe to switch off your computer."
As I recall, for model aircraft the FAA rules reference (or incorporate verbatim?) the rules of the Academy of Model Aeronautics, the primary hobbyist association
Not true, though they are pretty similar in some respects.
Also note that the current FAA "rules" (FAA Advisory circular 91-57 - Model Aircraft Operating Standards) is *advisory* -- it's not mandatory. It's not a set of rules at all, just guidelines. It encourages "voluntary compliance".
The AMA bars flight over populated areas, encouraging people to find a cow pasture IR something.
The AMA rules (not binding, but they can refuse to pay insurance claims if you violate them) say that you will not fly RC planes "directly over unprotected people, vessels, vehicles or structures". Not quite the same as you put it -- flying in a populated area is fine, as long as you aren't flying directly over people and aren't flying in a careless or reckless manner.
It may seem odd that a private club has effectively been given authority to make law
Again, it has not. The AMA rules are even *less* restrictive than the FAA circular in one way -- the AMA rules say not to fly over 400 feet near an airport without notifying the airport, and the FAA suggestions say not to fly over 400 feet above the surface, period. And note that R/C pilots, especially those flying gliders, fly over 400 feet quite often.
any doctor violating these generally accepted standards is likely to lose any court case.
Now, that part rings true ... the AMA safety code is basically the industry standard and if you're sued for hurting somebody, not following those standards will hurt you in court.
And indeed, it seems that whatever new *mandatory* standards the FAA comes up with be largely influenced by the AMA safety code ... but we are not there yet.
To expand on the other post I just made, it's quite interesting the dangers that the R/C hobby has encountered lately.
A few decades ago, young people stopped getting into the hobby largely due to video games and so the average modeller was getting older and older.
R/C sites have always been at risk from encroachment by new neighbors who don't like the noise. This effect has nearly decimated general avaition airports over the last many decades and it continues.
But then electric planes came, greatly improving the noise situation. Still, fields are always being lost and created.
Then the park flier came ... this helped bring the casual flier into the fold and many youth. It also meant that people were often flying in parks and baseball fields rather than formal fields -- not really a risk to the hobby (but a big risk to the AMA itself, as these flyers don't need the AMA!), but a pretty big change.
But now it's the rise of the FPV plane (well, they're still relatively rare) and especially the semi-autonomous (sometimes, usually not) quadcopters with cameras. These things are bringing all sorts of people to the hobby, interested in flying and photography, but people are all riled up by the idea of these being used to take pictures of them, and so the models are being banned all over the place, laws enacted, etc.
And people fly them in places where models generally weren't normally flown in the past (to take pictures) and then something happens and it's all over the news and lawmakers have knee jerk reactions and ban things.
It's a good time for the hobby -- lots of new things to do, new technologies to play with -- but it's a bad time for the hobby, with the hammer coming down and lots of new regulations appearing. The AMA is fighting the good fight, but I think they're going to ultimately lose, and the FAA and local governments will continue to greatly restrict the hobby -- it'll be done in the name of safety, but the reality is that it'll mostly be about preventing photography.
On the bright side, they will probably open some ways for commercial use of unmanned aircraft with lots of red tape associated with that -- so that's good that they allow that, as it wasn't allowed at all before, but the red tape is likely to be as heavy or even heavier than that associated with full scale manned aircraft.
And you think that's going to get by undetected?
[DISCLAIMER: This post is a work of satire and should not be misconstrued as a holy text upon which to base a religion.]
Are you an American? I ask because I cringe when I see this type of comment from a people who should understand what freedom and limited government is supposed to mean.
We don't use a metric of what I 'need' to do to determine what freedoms I should have. I don't need to purchase a 64 ounce mountain dew. That hardly means that I should be protected from doing so if I choose to. It's not exactly analogous to the drone situation, but it's a good representation of why the metric you propose is NOT one than anyone worried about personal freedom would ever support.
I don't need to make an argument of why I should be able to do something. You're trying to put the onus on the users, when it fact the onus is ALWAYS on the person trying to take away. Do we have systems in our cars that prevent us from crashing the gates at the White House? Do we have systems in our phones that prevent us from abusing the 911 emergency line?
I could continue, but frankly if you don't understand or agree with the argument it's pointless to go on. You comment regarding the United States being 'not so different' that China is fairly telling. It's not based in any semblence of reality. Censorship? Political arrests?
You argument is completely nonsensical on both counts.
Are you an American? I ask because I cringe when I see this type of comment from a people who should understand what freedom and limited government is supposed to mean.
Yes I am and I'm also bright enough to realize that freedom does not mean you get to do whatever the hell you want any time you want regardless of the consequences. Freedom does not mean no laws. Limited government does not mean no government. It means we keep government out of things that it has no reason to be involved in. Safety of the public airspace is something the government very much has a reason to be involved because there is a compelling public interest at stake.
We don't use a metric of what I 'need' to do to determine what freedoms I should have.
We do that all the time. We do not permit you to legally drive to work at 120mph because you do not need to do so and it would endanger others. There are all kinds of legal limits on your behavior which balance the needs of society against your desires. Your freedom ends when it impinges on my safety and my ability to enjoy the same freedom and vice-versa. That is the metric.
I don't need to purchase a 64 ounce mountain dew. That hardly means that I should be protected from doing so if I choose to.
If you can explain to me how your purchase of a mountain dew will result in it crashing on the white house lawn or bringing down an airliner then we can pretend that your analogy has any bearing on reality.
I could continue, but frankly if you don't understand or agree with the argument it's pointless to go on. You comment regarding the United States being 'not so different' that China is fairly telling. It's not based in any semblence of reality. Censorship? Political arrests?
You mean like the folks who were arrested and imprisoned at Guantanamo Bay often wrongfully and all of them without charges? Like the people we've tortured and innocent people we've killed in the last ten years over two pointless wars? Like the FBI censoring US citizens with National Security Letters? Like the NSA spying on innocent people including those with unusual political leanings? Let's not pretend the US is some paragon of virtue.
I've actually been to China. Spent a fair bit of time there within the last decade. I'm probably far more aware than you are of how restrictive their government is and yes it can be quite oppressive in some ways. Thing is that you can say pretty much anything you want about China and the opposite is often almost equally true at the same time. China is a mass of contradictions, not all of which are obvious or make sense.
I'm merely responding to the fellow who seems uncomfortable with the notion of making a product intentionally unflyable in restricted airspace.
My backyard, despite being within 5 nm of an airport, is NOT restricted airspace and there is no danger to any White House or manned aircraft. You don't know what "restricted airspace" is, so stop flapping your gums about what is and isn't safe within it.
This "mandatory update" from DJI is patent bullshit, as is the argument that trained knowlegable pilots must be protected from killing people in major airliners by making the product non-functional in certain places.
For the record, I fly both manned and unmanned aircraft and know for a fact that there are safe places to fly quads that are within controlled airspace, which is much more common than restricted airspace -- where there are also safe flight areas.
waste of time to try to disallow x,y values for things like this. anyone here who spent a few weeks on even a simple arduino could do this remapping in an afternoon
(1) Your average user would not be able to implement this hack. Technical users would have to research/experiment/tinker and/or wait for other technical users to do the same and publish their results. This buys time (see point 2).
(2) It makes the drone maker look good and reduces the risk of kneejerk legislative responses.
(3) Anyone who modifies their device to do this will receive the blunt of the blame. Blame will be apportioned less to the manufacturer, the regulations, or the general concept of consumer drones and more to the individual. Instead of being portrayed as a drunken fool doing something dumb but ultimately harmless (like the guy in the recent White House incident), the media will portray them as a shady hacker with possible terrorist intentions.
(4) Prosecutors who want to hang the operator out to dry will probably find more legal hooks to do so, since the operator intentionally disabled a "security" feature.
(1), (2), (3), and (4) are all good things for the manufacturer, who's market lives or dies by legislative and regulatory edict. That makes this worth doing, even if there's a jillion ways of undoing it.
-1, Too Many Layers Of Abstraction
I think you mean to say, "If drones are illegal, only criminals will have drones".
Yes. And drones don't kill people, people kill people. It's actually kinda funny to watch a lot of normally "progressive" types who've always reflexively ridiculed the sport shooting types for their defensive postures regarding irrational gun laws ... suddenly find themselves in exactly the same predicament. "But I just want to do some fine art landscape photography from 50' feet up!" Uh huh, and I just want to break some clay pigeons. But we're BOTH evil now! How's it feel buddy!
Don't disappoint your bird dog. Go to the range.