$40 Hardware Is Enough To Hack $28,000 Police Drones From 2km Away

mask.of.sanity writes: Thieves can hijack $28,000 professional drones used widely across the law enforcement, emergency, and private sectors using $40 worth of hardware. The quadcopters can be hijacked from up to two kilometers away thanks to a lack of encryption, which is not present due to latency overheads. Attackers can commandeer radio links to the drones from up to two kilometers away, and block operators from reconnecting to the craft. With the targeted Xbee chip being very common in drones, IBM security guy Nils Rodday says it is likely many more aircraft are open to compromise.

Re:What latency overhead?

Read the article...they went cheap and the CPU doesn't properly support encryption. Saved a few bucks in parts cost, but now have a completely insecure system...hah

Re:How hard can it be?

[sexconker]

As a taxpayer paying for the $28,000 drones, I say hack away. Drop them all from the sky.

Re:What latency overhead?

[BitZtream]

I have 3 racing quads (Naze32 based controllers), 2 photography quads (with full auto pilot, navigation (ArduPilot)), 2 traditional RC Helis and 2 RC Seaplanes (These use COTS parts from Futaba for competition purposes), all of which have some sort of autopilot or 'assistance' on them. The CPUs in NONE of them support encryption.

You do realize that you can FLY an aircraft with full auto navigation on an Arduino, right? I don't think you understand how easy it is to write compact software that will do amazing things on tiny CPUs, probably due to dealing with bloated ass PCs where no one gives a fuck about writing decent software.

Flying an aircraft doesn't require a lot of CPU horse power. Standard servos and speed controllers operate at 50 hertz. They've changed speed controllers for quads because the APs can do much higher refresh rates, which when coupled with the way quads work makes a noticeable stability difference, So you see, even a little Arduino has CPU power to spare for flying the aircraft ... but it doesn't have encryption.

The CPU in all 5 of my quads cost less than a dollar each. You can get encryption instruction sets in all of them (The cpus that is) ... but that'll put the chip at $3-5/each instead of $0.75

In the embedded world, you don't bring shit you don't need with you, it wastes power and space, generates heat, and introduces additional complexity and unknowns. Even if they included encryption for no monetary cost, you wouldn't buy a chip with it unless you knew you were going to use it. Do you want your aircraft to crash because of some weird Errata that only occurs on chips with X feature that you don't use?

HOWEVER, All XBee chips DO support encryption so that the CPU DOESN'T have to know anything about it. All they would have had to do was flip a bit with the configuration tool and add figure out how to manage keys in the production environment/end user space.

Re:How hard can it be?

[BitZtream]

I guess adding a $1 port and a $2 codec chip on both the controller and drone is too much to ask for protecting a $28k drone from being stolen or destroyed by a prankster.

The XBee radios they are using for communications support encryption out of the box. All you have to do is turn it on and give it a key and it does all the work.

People could make long distance phone calls without paying by using a whistle that came free with breakfast cereal.

Its only slightly more complicated now. I can safely say you have everything you need available to you RIGHT NOW to make all the free phone calls you want, only now you can do it without leaving your home and even make it practically untraceable while you sit at home!

The PSTN is still based on the idea that all the connections are relatively trusted because people will 'never figure out how to do this and its a dedicated link' ... unfortunately, that is not now and never really was actually true.