The Icarus box is able to hijack nearly any drone mid-flight

A security researcher presented a small hardware named Icarus box that is able to hijack a variety of popular drones mid-flight.

It could be very easy to hijack nearly any drone mid-flight by using the hardware presented by the Trend Micro researcher Jonathan Andersson at the PacSec hacking conference in Japan this week. Andersson, who leads the Trend Micro’s TippingPoint DVLab division, presented a small hardware named Icarus that is able to hijack a variety of popular drones mid-flight, the attacker is able to gain full control of the vehicle by locking the owner out.

According to Andersson, the Icarus box is able to hack into and radio controlled vehicles that run the SMx radio platform. Unfortunately, the SMx radio platform is very popular for drones, it present in vehicles manufactured by many vendors, including Walkera, NineEagles and AirTronics.

“It’s not a jamming system so i am not competing for control via RF power,” Andersson explained to Vulture South.

“Full flight control is achieved with the target experiencing a complete loss of control — it’s a clean switch-over.

“The range of my proof of concept implementation is equal to a standard DSMx radio transmitter, though standard 2.4GHz ISM band amplification can be applied to extend the range.”

The principle behind the Icarus box is simple, the hardware is able to determine the unique shared secret key within the DSMx binding process by monitoring the activity of the component and running a brute force attack. Once the Icarus box grabs the key, the attacker can send malicious packets to lock the legitimate controller out and send his commands.

Below a video PoC of the attack

“It works against all DSMx based radio systems, which would include drones, airplanes, cars, boats, and so on,” Andersson added.

The only way to protect the drone against such kind of attack is by updating receivers’ firmware protocols, an operation that is not always possible on many drones.

“My guess is that it will not be easy to completely remedy the situation. The manufacturers and partners in the ecosystem sell standalone radio transmitters, models of all kinds, transmitters that come with models and standalone receivers,” Andersson told Ars Technica.

“Only a certain set of standalone transmitters have a firmware upgrade capability, though the fix is needed on the model/receiver side.”

Below the slides prepared by Andersson.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Icarus box, drone hijacking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.