Categories: Hacking

A hacker developed Maldrone, the first malware for drones

Security expert Rahul Sasi has discovered and exploited a backdoor in Parrot AR Drones that allows him to remotely hijack the UAV with the malware Maldrone.

The diffusion of drones is alerting government and authorities, small Unmanned Aerial Vehicles (UAVs) are used more frequently in different sectors.

The security of drones in both military and commercial uses is crucial, these flexible vehicles could be turned in war machines and abused by threat actors to compromise a target.

The White House gets drone defense wake-up call after that a quadcopter drone crashed onto the White House grounds, highlighting the growing security threat posed by small Unmanned Aerial Vehicles (UAVs). While Amazon announces the use of drones for commercial activities and Russian Army announces the expansion of its aerial fleet with a new generation of Corsair reconnaissance drones as early as the end of 2016, the security researcher Rahul Sasi (@fb1h2s) has discovered and exploited a backdoor in the Parrot AR Drones manufactured by a French-based company.

The news is disconcerting, a threat actor could exploit the backdoor to remotely control a flying quadcopter helicopter. The Parrot AR Drone is a quadricopter helicopter that can be easily controlled with a common smartphone, it is a versatile and portable device that can include a wide range of options.

The Security researcher Rahul Sasi designed a malicious code that is able to compromise every drone based on ARM Linux system. The malware, dubbed Maldrone [MALware DRONE], is the first ever backdoor malware written for AR drone ARM Linux system.

“Once my program kills the actual drone controllers, it causes the motors to stop and the drone falls off like a brick,” Sasi said.”But my backdoor instantly takes control so if the drone is really high in the air the motors can start again and Maldrone can prevent it from crashing.”

Maldrone is very dangerous, it could be used to remotely hijack drones, Rahul Sasi also provided a video proof-of-concept to demonstrate its efficiency.

“In this we would show infecting a drone with Maldrone and expecting a reverse tcp connection from drone. Once connection is established we can interact with the software as well as drivers/sensors of drone directly. There is an existing AR drone piloting program. Our backdoors kills the autopilot and takes control. The Backdoor is persistent across resets,” is explained in the video.

According to the researcher, Maldrone can interact with the drone’s device drivers and sensors silently and allow the hacker to control the drone remotely. As a result, Maldrone could be also abused to conduct remote surveillance. Of course, the backdoor could be exploited by attackers within a wireless range.

The Maldrone features described by Sasi in a blog post are:

Features:
Maldrone will get silently installed on a drone.
Interact with with the device drivers and sensors silently.
Lets the bot master controller the drone remotely .
Escape from the Drone owner to Bot master.
Remote surveillance.
Spread to other drones *.

Sasi explained that Maldrone is different to previously-disclosed attacks, let’s think to the hack of Amazon UAVs, because it is able to bypass authentication mechanisms in place and does not limit its action to the interference with the signals sent by the command infrastructure. Sasi explained that his attack could be also combined with the Skyjack attack in a way to make the backdoor wormable.

Sasi reversed the proprietary AR Drone firmware in order to discover the vulnerability and develop Maldrone malware. The researcher will present his research at Nullcon next month, he will explain how to hack a drone or access to on board video feeds.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Drone, UAV, Maldrone)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.