Slashdot Mirror
Drone Maker Enforces No-Fly Zone Over DC, Hijacking Malware Demonstrated
An anonymous reader writes A recent incident at the White House showed that small aerial vehicles (drones) present a specific security problem. Rahul Sasi, a security engineer at Citrix R&D, created MalDrone, the first backdoor malware for the AR drone ARM Linux system to target Parrot AR Drones, but says it can be modified to target others as well. The malware can be silently installed on a drone, and be used to control the drone remotely and to conduct remote surveillance. Meanwhile, the Chinese company that created the drone that crashed on the White House grounds has announced a software update for its "Phantom" series that will prohibit flight within 25 kilometers of the capital.
Yes, people doing things that you are not doing yourself are always wrong and worthy of suspicion! #theamericanway
The following patch will be to fix a piece of joke malware that makes the drone believe its ALWAYS within 25km of DC
(but it won't work)
>. Either way a lot of large metro areas already have limits on flying a drone in urban areas, either from federal or municiple laws.
Yeah there's a federal law that covers "populated areas". The law passed by Congress gives the FAA authority to make rules regulating airspace. As I recall, for model aircraft the FAA rules reference (or incorporate verbatim?) the rules of the Academy of Model Aeronautics, the primary hobbyist association*. The AMA bars flight over populated areas, encouraging people to find a cow pasture IR something.
* It may seem odd that a private club has effectively been given authority to make law, but it has worked quite well for 60 years or whatever. The hobbyists have made good rules for themselves. This is analogous to the other AMA, where doctors make rules for themselves and any doctor violating these generally accepted standards is likely to lose any court case.
For anyone who wants details, the AMA safety code is here:
http://www.modelaircraft.org/f...
They also have documents describing their agreements with the FAA:
http://www.modelaircraft.org/d...
Ok, I'll give it a go:
Drones are better than high power telescopes because... you don't need line of sight. A Drone can go over hedges/bushes/walls, or round corners. Things that would render a telescope useless. Drones can also theoretically go inside buildings.
Also, if you spot someone watching you with the telescope, you can see who is doing it (just look back at them with your own optics). The drone operator could be inside a building, or someone over the internet. You could not easily work out who was the operator just by looking at the drone itself.
(on the flip side, people are less likely to notice someone 500m away with a telescope than a drone buzzing above you).
Drones are not better than mortars, but they make for very good artillery spotters, giving you GPS co-ords to calculate trajectory for your target, again without the target risking finding out who is behind it.
You can't "perfectly legally" fly an unmanned aircraft in an unmanned aircraft no-fly zone.
Got them moderator blues I blieve I walk out the do', With these mod-points I been gettin', I 'most never post no mo'
Also, as the drone has to compensate for wind, the drone can tell you what the wind strength is, so you don't have to estimate it from sighting a tree.
Got them moderator blues I blieve I walk out the do', With these mod-points I been gettin', I 'most never post no mo'
In the Washington DC area, flights of any kind are and have been for many years very severely controlled. The DC Flight Restriction Zone (the "DC FRZ") is a 30-mile-wide circle in side of which it is illegal to fly any sort of remote control device of any kind at any altitude. So, yes, it sucks to be in the suburbs, seemingly a long way away from the sensitive downtown areas that include the White House, the Capital, Reagan Airport, the CIA campus, and all of those other high-profile places and people ... but, too bad! Federal offense with stiff fines and possible jail time if you're caught. That includes kids with $20 bought-it-at-the-mall 6" pink plastic helicopters playing around in their back yard. Yes, it's ridiculous.
On the other hand, it's a rare week when a trio of big helicopters doing runs like the one between the White House and Camp David don't go thundering over the tree tops of suburban Maryland. You can hear them coming quite a ways out, and if you were prepared, you could easily have a modest quadcopter or more substantial hexa up to over 1000' feet and be at the same altitiude as (or above) Marine One by the time it and its decoy siblings flew directly over your house on the way to a routine presidential golf outing. That's the sort of thing that has had the DoD, Secret Service, HSA, and FAA all uptight. Mind you, a person flying a more or less radar-invisible foam and plastic RC plane could have done that many years ago, too.
And so we have a 700 square mile area where flying a 3-pound DJI quadcopter is very, very illegal, and has been for years. That DJI is updating their GPS-aware flight control firmware to make it impossible to fly their devices in that area is a sign that they don't want their products to be simply banned outright. We are not at the sweet spot of rational rules and implementation on this one, not even close. And of course someone with true mal intent isn't going to be bothered by the rules or the firmware limitations anyway.
Don't disappoint your bird dog. Go to the range.
What is the security risk posed by small drones? In your explanation please include "Drones are better than mortars at delivering explosives because..."
Because a drone can autonomously delivery a brick of C4 to within a meter of where you want it to go on your first try. And you can be miles away while it does that. "Miles away" is also handy if you're using it to deliver an aerosoled nerve agent or some bio-nasty substance over, say, a presidential press conference in the Rose Garden, or a speech on the steps of the Capital.
Don't disappoint your bird dog. Go to the range.
If you have a drone, the question is; why WOULDN'T you be flying the drone at 3AM?
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
True except for one issue. They are bloody noisy. So if any covert operation is the goal and you don't have the many MANY thousands of dollars needed for a drone capable of imaging from high altitudes with long focal lengths it will be painfully obvious that someone is looking.
A telescope however is often very discrete.
"Drones are better than high power telescopes because you don't need line of sight"
I think you're severely overestimating the capabilities of these commercial, civilian quads. The camera in the Phantom 2 Vision+ is a 12MP, 1080p fisheye lens, very similar to a GoPro 3. You're not getting the optics of a high-power telescope.
DJI's new line, the Inspire One, has a 4K camera, which I guess allows for better quality, but you're still not zooming in. These things are loud, you're not using them for invading someone's privacy without them knowing.
[DISCLAIMER: This post is a work of satire and should not be misconstrued as a holy text upon which to base a religion.]
gps modules almost always use low speed serial (ttl) comms.
it would be trivial (50 lines of C code, maybe much much less) to have a cpu (even attiny) in the middle between the gps module and the rest of the brain. when the x,y values come back and its inside a 'nfz' it could easily be remapped (in simple ascii) to NOT be in nfz. perhaps if you are near a nfz, it would go into auto-offset mode and add a fixed x,y value so that it thinks its miles away. then you compensate for it at the ground level when you program its course.
would not be hard at all.
waste of time to try to disallow x,y values for things like this. anyone here who spent a few weeks on even a simple arduino could do this remapping in an afternoon.
--
"It is now safe to switch off your computer."
As I recall, for model aircraft the FAA rules reference (or incorporate verbatim?) the rules of the Academy of Model Aeronautics, the primary hobbyist association
Not true, though they are pretty similar in some respects.
Also note that the current FAA "rules" (FAA Advisory circular 91-57 - Model Aircraft Operating Standards) is *advisory* -- it's not mandatory. It's not a set of rules at all, just guidelines. It encourages "voluntary compliance".
The AMA bars flight over populated areas, encouraging people to find a cow pasture IR something.
The AMA rules (not binding, but they can refuse to pay insurance claims if you violate them) say that you will not fly RC planes "directly over unprotected people, vessels, vehicles or structures". Not quite the same as you put it -- flying in a populated area is fine, as long as you aren't flying directly over people and aren't flying in a careless or reckless manner.
It may seem odd that a private club has effectively been given authority to make law
Again, it has not. The AMA rules are even *less* restrictive than the FAA circular in one way -- the AMA rules say not to fly over 400 feet near an airport without notifying the airport, and the FAA suggestions say not to fly over 400 feet above the surface, period. And note that R/C pilots, especially those flying gliders, fly over 400 feet quite often.
any doctor violating these generally accepted standards is likely to lose any court case.
Now, that part rings true ... the AMA safety code is basically the industry standard and if you're sued for hurting somebody, not following those standards will hurt you in court.
And indeed, it seems that whatever new *mandatory* standards the FAA comes up with be largely influenced by the AMA safety code ... but we are not there yet.
Are you an American? I ask because I cringe when I see this type of comment from a people who should understand what freedom and limited government is supposed to mean.
We don't use a metric of what I 'need' to do to determine what freedoms I should have. I don't need to purchase a 64 ounce mountain dew. That hardly means that I should be protected from doing so if I choose to. It's not exactly analogous to the drone situation, but it's a good representation of why the metric you propose is NOT one than anyone worried about personal freedom would ever support.
I don't need to make an argument of why I should be able to do something. You're trying to put the onus on the users, when it fact the onus is ALWAYS on the person trying to take away. Do we have systems in our cars that prevent us from crashing the gates at the White House? Do we have systems in our phones that prevent us from abusing the 911 emergency line?
I could continue, but frankly if you don't understand or agree with the argument it's pointless to go on. You comment regarding the United States being 'not so different' that China is fairly telling. It's not based in any semblence of reality. Censorship? Political arrests?
You argument is completely nonsensical on both counts.