Slashdot Mirror


$40 Hardware Is Enough To Hack $28,000 Police Drones From 2km Away (theregister.co.uk)

mask.of.sanity writes: Thieves can hijack $28,000 professional drones used widely across the law enforcement, emergency, and private sectors using $40 worth of hardware. The quadcopters can be hijacked from up to two kilometers away thanks to a lack of encryption, which is not present due to latency overheads. Attackers can commandeer radio links to the drones from up to two kilometers away, and block operators from reconnecting to the craft. With the targeted XBee chip being very common in drones, IBM security guy Nils Rodday says it is likely many more aircraft are open to compromise.

4 of 97 comments

  1. How hard can it be? by blindseer · · Score: 4, Interesting

    I admit I'm no crypto expert but I have had a few IT security certifications over the years. It seems simple enough to have a key exchange with the remote by a cable, so people can't sniff it out of the air, and then have the drone look for that key in every control packet. Of course there would need to be some computation on that key but we have special purpose chips that can do that with minimal delay or power. The algorithms are open source and highly secure so there is little risk or cost there.

    I guess adding a $1 port and a $2 codec chip on both the controller and drone is too much to ask for protecting a $28k drone from being stolen or destroyed by a prankster.

    The concern seems to be the delay. Perhaps the commands could be passed through and the commands verified after the fact. If the commands fail then the drone could go in a limited performance mode where every packet needs to be verified, or it goes into a "go home" mode and ignores some or all commands.

    No doubt this is what happens in the early development of almost every technology. I recall some similar security failings in the early days of long distance telephones. Some of those security holes may still survive today. People could make long distance phone calls without paying by using a whistle that came free with breakfast cereal. People could steal high end cars by shorting out the right wires.

    People that don't learn from history are doomed to repeat it.

    --
    I am armed because I am free. I am free because I am armed.
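The scheme proposed in the comment above (a key loaded over a cable, a check on every control packet, a "go home" fallback when checks fail), sketched as an added example that is not code from the thread, the drone vendor or the XBee firmware. It assumes an HMAC tag computed with the key rather than the key itself in each packet, plus a counter so a recorded packet cannot be replayed; the packet layout, `seal`, `Receiver`, `TAG_LEN`, `MAX_FAILURES` and the command strings are all hypothetical.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8        # truncated HMAC-SHA256 tag keeps per-packet overhead small
MAX_FAILURES = 3   # assumed threshold of consecutive bad packets before failing safe

def seal(key: bytes, counter: int, command: bytes) -> bytes:
    """Controller side: build counter || command || tag."""
    body = struct.pack(">I", counter) + command
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag

class Receiver:
    """Drone side: executes only fresh, correctly tagged packets."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0
        self.failures = 0
        self.go_home = False

    def handle(self, packet: bytes):
        """Return the command to execute, or None if the packet is dropped."""
        if self.go_home:
            return None                       # fail-safe: ignore all commands
        if len(packet) >= 4 + TAG_LEN:
            body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
            expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
            counter = struct.unpack(">I", body[:4])[0]
            # Constant-time tag comparison, then a replay check on the counter.
            if hmac.compare_digest(tag, expected) and counter > self.last_counter:
                self.last_counter = counter
                self.failures = 0
                return body[4:]
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.go_home = True
        return None

def demo():
    key = bytes(range(32))                    # constructed key, as if loaded over the cable
    rx = Receiver(key)
    good = seal(key, 1, b"PITCH+5")
    results = [rx.handle(good)]               # accepted
    results.append(rx.handle(good))           # same packet again: dropped as a replay
    forged = seal(b"\x00" * 32, 2, b"LAND")   # sender that does not hold the key
    results.append(rx.handle(forged))         # dropped, bad tag
    results.append(rx.handle(forged))         # third failure in a row: go-home mode
    results.append(rx.handle(seal(key, 2, b"YAW-3")))  # ignored while in go-home mode
    return results, rx.go_home
```

A real design would also have to decide how the operator gets the craft out of go-home mode and how low the failure threshold can be set before radio noise alone triggers it.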
    1. Re: How hard can it be? by Anonymous Coward · · Score: 2, Interesting

      The company sells at the point the market allows them to. If they could sell it for 100k and still have buyers, they would, and I couldn't blame them for it.

      The police don't care about the price because the money is just coming from the taxpayers (not their own money). So they don't care how much they spend.

      So that's how this endless positive feedback loop happens.

    2. Re:How hard can it be? by BitZtream · · Score: 5, Interesting

      > I guess adding a $1 port and a $2 codec chip on both the controller and drone is too much to ask for protecting a $28k drone from being stolen or destroyed by a prankster.

      The XBee radios they are using for communications support encryption out of the box. All you have to do is turn it on and give it a key and it does all the work.

      > People could make long distance phone calls without paying by using a whistle that came free with breakfast cereal.

      It's only slightly more complicated now. I can safely say you have everything you need available to you RIGHT NOW to make all the free phone calls you want, only now you can do it without leaving your home and even make it practically untraceable while you sit at home!

      The PSTN is still based on the idea that all the connections are relatively trusted because people will 'never figure out how to do this and it's a dedicated link' ... unfortunately, that is not now and never really was actually true.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  2. Re:security through prosecution by jandersen · · Score: 1, Interesting

    It is not without irony that people here seem to feel that when some member of the public breaks into police or government systems, quite possibly to commit a crime, it is cool, but when the police break into systems of members of the public, usually to catch criminals, this is "gross violation of privacy". If it is wrong for anybody, then it is wrong for everybody, I would have thought.