Slashdot Mirror


$40 Hardware Is Enough To Hack $28,000 Police Drones From 2km Away (theregister.co.uk)

mask.of.sanity writes: Thieves can hijack $28,000 professional drones used widely across the law enforcement, emergency, and private sectors using $40 worth of hardware. The quadcopters can be hijacked from up to two kilometers away thanks to a lack of encryption, which is not present due to latency overheads. Attackers can commandeer radio links to the drones from up to two kilometers away, and block operators from reconnecting to the craft. With the targeted Xbee chip being very common in drones, IBM security guy Nils Rodday says it is likely many more aircraft are open to compromise.

16 of 97 comments

  1. Re:What latency overhead? by Anonymous Coward · · Score: 5, Informative

    Read the article...they went cheap and the CPU doesn't properly support encryption. Saved a few bucks in parts cost, but now have a completely insecure system...hah

  2. Re:What latency overhead? by booboo · · Score: 2

    It creates cashflow latency overhead.

  3. How hard can it be? by blindseer · · Score: 4, Interesting

    I admit I'm no crypto expert but I have had a few IT security certifications over the years. It seems simple enough to have a key exchange with the remote by a cable, so people can't sniff it out of the air, and then have the drone look for that key in every control packet. Of course there would need to be some computation on that key but we have special purpose chips that can do that with minimal delay or power. The algorithms are open source and highly secure so there is little risk or cost there.

    I guess adding a $1 port and a $2 codec chip on both the controller and drone is too much to ask for protecting a $28k drone from being stolen or destroyed by a prankster.

    The concern seems to be the delay. Perhaps the commands could be passed through and the commands verified after the fact. If the commands fail then the drone could go in a limited performance mode where every packet needs to be verified, or it goes into a "go home" mode and ignores some or all commands.

    No doubt this is what happens in the early development of almost every technology. I recall some similar security failings in the early days of long distance telephones. Some of those security holes may still survive today. People could make long distance phone calls without paying by using a whistle that came free with breakfast cereal. People could steal high end cars by shorting out the right wires.

    People that don't learn from history are doomed to repeat it.

    --
    I am armed because I am free. I am free because I am armed.
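The scheme blindseer describes above (a key loaded over a cable, then checked in every control packet) is sketched here as an added example; it is not part of the original post and not code from any drone vendor. The packet layout, tag length, failure threshold and mode names are assumptions. Unlike the comment's verify-after-the-fact idea, it checks each packet before acting on it.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8  # assumed: HMAC-SHA256 truncated to 8 bytes to fit a small radio frame


def seal(key: bytes, counter: int, command: bytes) -> bytes:
    """Controller side: build counter || command || tag."""
    header = struct.pack(">I", counter)
    tag = hmac.new(key, header + command, hashlib.sha256).digest()[:TAG_LEN]
    return header + command + tag


class DroneReceiver:
    MAX_FAILURES = 3  # assumed threshold before falling back to "go home"

    def __init__(self, key: bytes):
        self.key = key          # shared key, loaded over the cable
        self.last_counter = 0   # highest counter accepted so far
        self.failures = 0       # consecutive rejected packets
        self.mode = "normal"

    def accept(self, packet: bytes):
        """Return the command if the packet is authentic and fresh, else None."""
        if len(packet) < 4 + TAG_LEN:
            return self._reject()
        header, command, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + command, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return self._reject()
        counter = struct.unpack(">I", header)[0]
        if counter <= self.last_counter:            # replayed or reordered packet
            return self._reject()
        self.last_counter = counter
        self.failures = 0
        self.mode = "normal"
        return command

    def _reject(self):
        self.failures += 1
        if self.failures >= self.MAX_FAILURES:
            self.mode = "go_home"
        return None


if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key
    rx = DroneReceiver(key)
    pkt = seal(key, 1, b"THROTTLE 40")
    print(rx.accept(pkt), rx.accept(pkt), rx.mode)
```

The counter is what stops a recorded packet from being replayed later; the tag alone only proves the sender once held the key.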
    1. Re:How hard can it be? by sexconker · · Score: 5, Insightful

      As a taxpayer paying for the $28,000 drones, I say hack away. Drop them all from the sky.

    2. Re: How hard can it be? by Anonymous Coward · · Score: 2, Interesting

      The company sells at the point the market allows them to. If they could sell it for 100k and still have buyers, they would, and I couldn't blame them for it.

      The police don't care about the price because the money is just coming from the taxpayers (not their own money). So they don't care how much they spend.

      So that's how this endless positive feedback loop happens.

    3. Re:How hard can it be? by BitZtream · · Score: 5, Interesting

      > I guess adding a $1 port and a $2 codec chip on both the controller and drone is too much to ask for protecting a $28k drone from being stolen or destroyed by a prankster.

      The XBee radios they are using for communications support encryption out of the box. All you have to do is turn it on and give it a key and it does all the work.

      > People could make long distance phone calls without paying by using a whistle that came free with breakfast cereal.

      It's only slightly more complicated now. I can safely say you have everything you need available to you RIGHT NOW to make all the free phone calls you want, only now you can do it without leaving your home and even make it practically untraceable while you sit at home!

      The PSTN is still based on the idea that all the connections are relatively trusted because people will 'never figure out how to do this and it's a dedicated link' ... unfortunately, that is not now and never really was actually true.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  4. Re:What latency overhead? by BitZtream · · Score: 5, Informative

    I have 3 racing quads (Naze32 based controllers), 2 photography quads (with full auto pilot, navigation (ArduPilot)), 2 traditional RC Helis and 2 RC Seaplanes (These use COTS parts from Futaba for competition purposes), all of which have some sort of autopilot or 'assistance' on them. The CPUs in NONE of them support encryption.

    You do realize that you can FLY an aircraft with full auto navigation on an Arduino, right? I don't think you understand how easy it is to write compact software that will do amazing things on tiny CPUs, probably due to dealing with bloated ass PCs where no one gives a fuck about writing decent software.

    Flying an aircraft doesn't require a lot of CPU horse power. Standard servos and speed controllers operate at 50 hertz. They've changed speed controllers for quads because the APs can do much higher refresh rates, which when coupled with the way quads work makes a noticeable stability difference. So you see, even a little Arduino has CPU power to spare for flying the aircraft ... but it doesn't have encryption.

    The CPU in all 5 of my quads cost less than a dollar each. You can get encryption instruction sets in all of them (the CPUs, that is) ... but that'll put the chip at $3-5/each instead of $0.75

    In the embedded world, you don't bring shit you don't need with you, it wastes power and space, generates heat, and introduces additional complexity and unknowns. Even if they included encryption for no monetary cost, you wouldn't buy a chip with it unless you knew you were going to use it. Do you want your aircraft to crash because of some weird Errata that only occurs on chips with X feature that you don't use?

    HOWEVER, all XBee chips DO support encryption so that the CPU DOESN'T have to know anything about it. All they would have had to do was flip a bit with the configuration tool and figure out how to manage keys in the production environment/end user space.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  5. Encryption is still no good against jamming by Max_W · · Score: 4, Informative

    Drones are no good for a conflict encounter with peers or near peers. This technology should be left to the civil industry.

  6. Re: security through prosecution by TheReaperD · · Score: 4, Informative

    This is not a case of criminals breaking into police equipment. This is a group telling police and the public that these systems are vulnerable so they can fix the problem and prevent criminals from doing this in the future.

    --
    "Be particularly skeptical when presented with evidence confirming what you already believe." -
  7. Re:Hobby drone by blindseer · · Score: 2

    Perhaps that just shows what high quality "hobby" parts have achieved.

    That's the thing mass production and economies of scale can do, improve quality while lowering costs. Things that not so long ago would have been an expensive custom item are now cheap enough and of a high enough quality that someone would be stupid to go back to that custom item.

    I suspect that it is quite possible that people will make passenger carrying craft with the same chips used in toys. The difference between an RC toy autopilot and a Boeing 787 autopilot is largely in the amount of technical review done on the code. If those chips are made in quantity then the cost of that review can be spread among more product. Sell the chips to hobbyists knowing that they'd want bragging rights that the code it runs is the same as on a Boeing 787.

    --
    I am armed because I am free. I am free because I am armed.
  8. Re:What latency overhead? by scsirob · · Score: 2

    Any ARM processor can encrypt and decrypt data at plenty of speed and next to no latency. A Raspberry Pi Zero at $5 is more than enough. The processor in your smartphone is plenty. Even if it isn't and they had to 'splurge' for a multi-core Intel CPU it would be like $100 or so. There is no excuse, none whatsoever, to leave encryption out to save a few bucks.

    --
    To Terminate, or not to Terminate, that's the question - SCSIROB
  9. Re:Hobby drone by Feral Nerd · · Score: 2

    > Funny that such an expensive drone uses hobby kit parts.

    It's not really that surprising if you think about it. RC models are basically drones whose primary purpose is entertainment and fun; light military drones are RC models that have been repurposed for intelligence gathering and spotting for air and artillery strikes or police commando raids. The explosion in the development of light drones for military and police use is a pretty recent phenomenon driven by heavily miniaturised computers/cameras/GPS sensors (a product of the mobile device revolution) small enough to fit into a tiny airframe. However, when it comes to the airframe and control part of the equation kit hobbyists have been developing an entire industry around remote controlled craft of every conceivable kind since the 1940s that has even put mass manufactured micro jet engines that fit into the budget range of ordinary RC hobbyists. It is only natural that Police/Military light drone manufacturers would dip into such an extensive pool of existing industrial infrastructure and design knowledge to keep costs down.

  10. Re: What latency overhead? by sumdumass · · Score: 2

    Start getting lag when the weather isn't perfect and you will start losing the drones due to not being able to control their flight or even the ability of the drone to stabilize its own flight.

    They have processors with realtime encryption support capable of avoiding these issues. Your suggested reason was likely the justification to use a less capable processor to save money. I think the decision was probably made before the police had any say in the matter.

  11. I am thinking... by toonces33 · · Score: 2

    That if you want to encrypt the video stream from the drone back to ground, that you might have a lot of latency as that could take some horsepower. But encrypting the navigation signals ought not create any problems with latency.

  12. Re: What latency overhead? by whopis · · Score: 2

    Are you kidding? Most non-hobby flight controllers are already running multi-core or even multiprocessor systems. The power draw for the processor is very small compared to that of the motors.

  13. Re: What latency overhead? by drinkypoo · · Score: 2

    > Start getting lag when the weather isn't perfect and you will start losing the drones due to not being able to control their flight

    Nope. Even open source MultiWii has GPS failsafe. With a "big" antenna (e.g. ~25mm) a drone floating above the city tends to have great reception even in poor weather. A 10mm antenna is good enough for adequate reception on a nice day, but presumably we're talking about fairly large drones for which a sizable GPS antenna is a minor issue. If they lose GPS positioning momentarily, they can reasonably hold position on their other sensors until they get it back. The only real danger is if you can jam their GPS signal for an extended period, at which point they will probably come straight down.

    > or even the ability of the drone to stabilize its own flight.

    Nope. Stable flight modes prevent any such problems, and if you're not trying to play acrobatic tricks, there's no good reason not to use them.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"