There’s been headline after headline about the dangers of drones, with the FAA issuing warnings and filing complaints. However, a lesser known threat is at hand: What about police drones? Most stories about these personal flight machines center on civilians, but the reality is that police officers, the military, and first responders also rely on drones to protect citizens. However, a security researcher has just showcased that he’s able to hijack at least one type of government-used drone up to one mile away. These kinds of vulnerabilities have introduced a new type of conversation about drone safety.
Nils Rodday presented his findings at the San Francisco RSA security conference in February 2016. As a “white” hacker, he uses his skills for good, showing agencies and businesses where they’re vulnerable. Similar white hackers work for security firms and businesses around the world, and specialize in everything from pointing out the virtues of virtual private server hosting over basic to the latest DDoS attack strategies. However, drone safety is a new niche.
Is Danger Sky High?
Rodday tackled a $30,000 drone, tapping into its radio connection and found he could take it over entirely. All he needed was a radio chip (which you can easily get on Amazon) and a laptop. Connect them with a USB and he was in. There was no encryption from the drone to its rightful controller, the “telemetry box,” so any cybercriminal who can reverse engineer flight software can “appear” like the genuine controller to the drone. They can send commands, block commands, and totally commandeer the drone.
The consequences of taking over a very costly government drone can be very dangerous and even deadly. Right now, Rodday is an IBM employee, but he’s been fascinated by drones since he was a graduate student at the University of Twente. However, he didn’t share which drone he used in the test or the manufacturer, lest a more sinister hacker gets ideas. Still, by pointing out the lack of encryption, it wouldn’t be that difficult for a hacker to try it out him- or herself, especially since the work and cost is so low.
The Sky is Falling
Rodday worked with the manufacturer, signing an NDA before loaning him the quadcopter. However, the details Rodday shared at the conference has some experts already guessing which model it is. It flies for about 40 minutes, costs between $30,000-$35,000, and is regularly used by fire and police departments even though it’s targeted at industrial sectors and ideal for inspecting windmills and/or for aerial photos. Still, Rodday is adamant that the manufacturer and model aren’t as important. He doesn’t suspect the vulnerability is unique to any one quadcopter, and it’s very possible similar vulnerabilities are in many.
The biggest issue he found involved the Wi-Fi signal being weak. An even bigger problem was that the radio protocol being used was very subpar, with the box and drone communicating with Xbee chips which are popular in mesh networking. These chips do offer encryption, but it slows down the processes so they’re usually overridden.