Slashdot Mirror


Hacking a Professional Drone

New submitter ricardinho writes: Research done at the University of Twente, in the Netherlands, shows that paying thousands of dollars for a professional drone does not guarantee that the device will be hack proof. These professional drones are commonly used across various industries to perform daily critical operations, such as surveillance and recon missions by law enforcement authorities. During his research, student Nils Rodday discovered that a professional drone could be compromised in multiple ways (PDF). One of these attack vectors investigated by the student is much more sophisticated than those used to compromise recreational drones that cost a few hundred dollars and are not expected to be strongly secured. By reverse engineering the drone's operation and firmware, the student found ways to obtain key information that is used to validate the communication on the telemetry link between the drone and its remote controllers. This allowed for a Man-in-the-Middle attack in which the hacker could take full control of the attacked drone from a distance of up to 2 km. Manufacturers of professional drones are blindly trusting XBee chips for the communication between devices. These chips, however, are not meant to be used in sensitive devices, and this flaw can compromise any sort of operation that the drones are deployed for. In addition, the solution is not simple since a firmware update patch cannot be simply released, but manufacturers have to actually recall the devices for in-house upgrades. Perhaps even more surprising is the cost of the described attack: 40 dollars is enough for an attacker to take full control of a $30,000 drone. Nils will explain and demonstrate his hacking into a professional drone during talks at the RSA conference in San Francisco and Black Hat Asia in Singapore.

27 comments

  1. a 30,000 dollars drone by xxxJonBoyxxx · · Score: 0

    If only there was a symbol that meant "dollar"

    1. Re:a 30,000 dollars drone by Errol+backfiring · · Score: 2

      There is, but on slashdot it probably starts with a capital A crowned by a tilde.

      --
      Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
    2. Re:a 30,000 dollars drone by Anonymous Coward · · Score: 1, Insightful

      This is what happens when you don't RTFA and apparently aren't even capable of reading TFS. That the summary could have been written slightly differently has no bearing on the quality of the story. What a useless comment coming from a useless user. I hope you get modded down to -1 where you belong. Slashdot doesn't need more stupid comments from stupid people like you. Get lost.

      - chipschap (posting anonymously to protect my karma)

    3. Re:a 30,000 dollars drone by Anonymous Coward · · Score: 1

      On sober second thought, I take all that back. I deeply and humbly apologize. xxxJonBoyxxx let's be pals again, mkay?

      - chipschap (posting anonymously to protect my karma)

      edit...very appropriate captcha for this situation: conifer

  2. And our wonderful state wants to ARM drones... by Anonymous Coward · · Score: 0

    Google search for "police want to arm drones"

    Yep. Let's give this government MOAH MONAY!!!

    Make everyone pay THEIR FAIR SHARE!

    Hey, it will only be used against us.

  3. Interstellar? by RobinH · · Score: 1

    I know it was a military drone in the movie, but suddenly that scene in Interstellar doesn't seem quite so crazy. :)

    --
    "I have never let my schooling interfere with my education." - Mark Twain
  4. No encryption by Anonymous Coward · · Score: 1

    Well known that the XBee can be 'cracked' if you do not turn on the encryption. It is a major selling point for some applications that you can easily add more modules without consent from the OEM. If you enable encryption it should presumably be more difficult.

  5. paid-for commercial? by Anonymous Coward · · Score: 0

    So this is a hidden commercial for an RSA presentation which none of us will ever see?

    1. Re:paid-for commercial? by xxxJonBoyxxx · · Score: 2

      >> an RSA presentation which none of us will ever see

      I've been to RSA. Many times. You aren't missing much. Go to a different security conference if you want to improve your skills - RSA is primarily for managers and buyers of packaged security solutions.

    2. Re:paid-for commercial? by turp182 · · Score: 1

      That's why he can present such information in the USA, if that is before the Singapore conference.

      He might have to move to Russia at some point....

      --
      BlameBillCosby.com
  6. Beware the Aussie sharks! by MrTester · · Score: 1

    Am I the only one concerned about the Australian sharks' ability to hack the shark spotting drones?
    What's next? Lasers?

  7. P0WN to DR0N3! by Anonymous Coward · · Score: 0

    This is great news for the (BOO!)Terrorists!
    Now they don't need to spend millions of dollars and years developing killbots.
    They can just buy a 'sploit from a Ru551@n h@xx0r and turn the (make America)Great(again) Satan's weapons against themselves. again.

  8. Additional reading by ricardinho · · Score: 2
    1. Re:Additional reading by Thud457 · · Score: 1

      Thanks for the obligatory Forbes link. They're a top trusted name in tech journalism. Plus I haven't had my RDA of malware this morning.

      --

      the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    2. Re:Additional reading by ricardinho · · Score: 1

      They didn't do the research, just reported. Being one of the co-authors of the work I can tell you that it is accurate.

    3. Re:Additional reading by 110010001000 · · Score: 1

      And I can tell you that Forbes delivers malware via their ads so you aren't welcome here.

  9. obvious by Anonymous Coward · · Score: 0

    you can buy any product, even ones marketed with security as a primary feature, and it is not guaranteed to be hack proof.

  10. Professional by Anonymous Coward · · Score: 0

    Who cares about professional drones, when there are amateur teen drones?

  11. ROI by thermidor · · Score: 1

    40 dollars is enough for an attacker to take full control of a $30,000 drone

    That's quite a decent ROI, even allowing for depreciation.

  12. How The Fuck? by Anonymous Coward · · Score: 0

    How the fuck are they getting XBee signals to reach 2Km when I can't get them to reach the next room?

  13. Click-bait article title with stupid terms... by Anonymous Coward · · Score: 1

    "Drone" has become a ridiculous word, applied by click-baiting pseudo-journalist know-nothings to everything down to a $20 remote-controlled quadcopter/airplane you buy at the mall, lacking autonomous flight capability.

    The proper, non-retarded term in this instance is "autonomous UAV" (unmanned aerial vehicle).

    Furthermore, using "hacking" in place of "cracking" on Slashdot is simply unforgivable.

    Using mushy, ill-defined or mis-defined hyperbolic terminology is a great way to make your intellectual readership roll their eyes and go elsewhere.

  14. 40$ is expensive by avandesande · · Score: 1

    can shoot it down with 24 cent shotgun shell

    --
    love is just extroverted narcissism
    1. Re:40$ is expensive by godel_56 · · Score: 1

      can shoot it down with 24 cent shotgun shell

      From 2km away?

    2. Re:40$ is expensive by Anonymous Coward · · Score: 0

      Railgun sold separately.

  15. The paper if you thought TLDR; by recharged95 · · Score: 1

    Basically if you use XBees, which are common in pro setups....

    a. use API mode
    b. use Digi's built-in encryption (AES)
    c. Message authentication (key ids, crcs, etc...)

    You can do all the other things he suggested, but this will stop 98% of the attacks out there. I'm surprised why he says Digi's onboard encryption was too slow. We do the above on all our drones (albeit a custom GCS) and do additional data link (Mesh ID based) and application layer things for added security, and still see 2ms lag from AES when turned on. Then again our packets are not too big. Done 30Hz control off this setup (50Hz like an R/C controller is a push)....

    The problem is most F/OSS and vendor systems used XBees out of the box in transparent mode cause it's easy to set up and you can debug the serial line, or with packages like QGC with look at ASCII or incomplete wire protocols that can be easily reverse engineered. Problem is... there's a reason they call it transparent mode--it's just a global serial buffer....
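
Added example (not part of the comment above, and not code from the paper, Digi, or any drone vendor): a receiver-side sketch of items (a) and (c) from that list, showing XBee API-mode framing with its checksum plus an application-layer message authenticated with a keyed MAC and a replay counter. The message layout, key table, tag length and all function names are assumptions made for illustration; an HMAC is used instead of a CRC because a CRC carries no key.

```python
import hmac, hashlib, struct

# Constructed demo keys indexed by key id (hypothetical values).
KEYS = {1: b"demo-key-one-16b", 2: b"demo-key-two-16b"}
TAG_LEN = 8  # truncated HMAC-SHA256 tag; the length is an assumption of this sketch

def seal(key_id, counter, payload):
    """Assumed layout: key_id (1B) | counter (4B big-endian) | payload | tag."""
    header = struct.pack(">BI", key_id, counter)
    tag = hmac.new(KEYS[key_id], header + payload, hashlib.sha256).digest()
    return header + payload + tag[:TAG_LEN]

def api_frame(frame_data):
    """XBee API framing (AP=1, no escaping): 0x7E | length | data | checksum.
    A real frame's data also starts with a frame type and addressing fields;
    here it carries only the application message."""
    checksum = 0xFF - (sum(frame_data) & 0xFF)
    return b"\x7e" + struct.pack(">H", len(frame_data)) + frame_data + bytes([checksum])

def parse_api_frame(raw):
    """Return the frame data, or None if delimiter, length or checksum is wrong."""
    if len(raw) < 4 or raw[0] != 0x7E:
        return None
    (length,) = struct.unpack(">H", raw[1:3])
    if len(raw) != length + 4:
        return None
    data, checksum = raw[3:-1], raw[-1]
    return data if (sum(data) + checksum) & 0xFF == 0xFF else None

class Receiver:
    """Verifies the tag, then enforces a strictly increasing counter per key id."""
    def __init__(self):
        self.last_counter = {}

    def open(self, msg):
        if msg is None or len(msg) < 5 + TAG_LEN:
            return None
        key_id, counter = struct.unpack(">BI", msg[:5])
        key = KEYS.get(key_id)
        if key is None:
            return None  # unknown key id
        body, tag = msg[:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # forged or corrupted message
        if counter <= self.last_counter.get(key_id, -1):
            return None  # replayed or stale message
        self.last_counter[key_id] = counter
        return msg[5:-TAG_LEN]
```

The frame checksum only catches line noise: a frame with a valid checksum but no valid tag passes `parse_api_frame` and is still rejected by `Receiver.open`.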