Slashdot Mirror
Hacking a Professional Drone
New submitter ricardinho writes: Research done at the University of Twente, in the Netherlands, shows that paying thousands of dollars for a professional drone does not guarantee that the device will be hack proof. These professional drones are commonly used across various industries to perform daily critical operations, such as surveillance and recon missions by law enforcement authorities. During his research, student Nils Rodday discovered that a professional drone could be compromised in multiple ways (PDF). One of these attack vectors investigated by the student is much more sophisticated than those used to compromise recreational drones that cost few hundreds of dollars and are not expected to be strongly secured. By reverse engineering the drone's operation and firmware, the student found ways to obtain key information that is used to validate the communication on the telemetry link between the drone and its remote controllers. This allowed for a Man-in-the-Middle attack in which the hacker could take full control of the attacked drone from a distance of up to 2 km. Manufacturers of professional drones are blindly trusting XBee chips for the communication between devices. These chips however are not meant to be used in sensitive devices and this flaw can compromise any sort of operation that the drones are deployed for. In addition, the solution is not simple since a firmware update patch cannot be simply released, but manufacturers have to actually recall the devices for in-house upgrades. Perhaps even more surprising is the cost of the described attack: 40 dollars is enough for an attacker to take full control of a $30,000 drone. Nils will explain and demonstrate his hacking into a professional drone during talks at RSA conference in San Francisco and Black Hat Asia in Singapore.
I know it was a military drone in the movie, but suddenly that scene in Interstellar doesn't seem quite so crazy. :)
"I have never let my schooling interfere with my education." - Mark Twain
There is, but on slashdot it probably starts with a capital A crowned by a tilde.
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
Well known that the XBee can be 'cracked' if you do not turn on the encryption. It is a major selling point for some applications that you can easily add more modules without consent from the OEM. If you enable encryption it should presumably be more difficult.
This is what happens when you don't RTFA and apparently aren't even capable of reading TFS. That the summary could have been written slightly differently has no bearing on the quality of the story. What a useless comment coming from a useless user. I hope you get modded down to -1 where you belong. Slashdot doesn't need more stupid comments from stupid people like you. Get lost.
- chipschap (posting anonymously to protect my karma)
Am I the only one concerned about the Australian sharks ability to hack the shark spotting drones?
Whats next? Lasers?
>> an RSA presentation which none of us will ever see
I've been to RSA. Many times. You aren't missing much. Go to a different security conference if you want to improve your skills - RSA is primarily for managers and buyers of packaged security solutions.
That's why he can present such information in the USA, if that is before the Singapore conference.
He might have to move to Russia at some point....
BlameBillCosby.com
Police Drone Can Be Commandeered From 2 Kilometres Away, Hacker Claims
Hacker Says He Can Hijack a $35K Police Drone a Mile Away
On sober second thought, I take all that back. I deeply and humbly apologize. xxxJonBoyxxx let's be pals again, mkay?
- chipschap (posting anonymously to protect my karma)
edit...very appropriate captcha for this situation: conifer
40 dollars is enough for an attacker to take full control of a $30,000 drone
That's quite a decent ROI, even allowing for depreciation.
"Drone" has become a ridiculous word, applied by click-baiting pseudo-journalist know-nothings to everything down to a $20 remote-controlled quadcopter/airplane you buy at the mall, lacking autonomous flight capability.
The proper, non-retarded term is this instance is "autonomous UAV" (unmanned aerial vehical).
Furthermore, using "hacking" in place of "cracking" on Slashdot is simply unforgivable.
Using mushy, ill-defined or mis-defined hyperbolic terminology is a great way to make your intellectual readership roll their eyes and go elsewhere.
can shoot it down with 24 cent shotgun shell
love is just extroverted narcissism
Basically if you use XBees, which are common in pro setups....
a. use API mode
b. use digi's built in encryption (AES)
c. Message authentication (key ids, crcs, etc...)
You can do all the other things he suggested, but this will stop 98% of the attacks out there. I'm surprised why he says Digi's onboard encryption was too slow. We do the above on all our drones (albeit a custom GCS) and do additional data link (Mesh ID based) and application layer things for added security, and still see 2ms lag from AES when turned on. Then again our packets are not too big. Done 30Hz control off this setup (50Hz like an R/C controller is a push)....
The problem is most F/OSS and vendor systems used XBees out of the box in transparent mode cause it's easy to setup and you can debug the serial line, or with packages like QGC with look at ascii or incomplete wire protocols that can be easily reversed engineered. Problem is... there's a reason they call it transparent mode--it's just a global serial buffer....