The researcher Nils Rodday presented at the annual RSA conference in San Francisco the findings of its study on hacking drones.
Rodday, who currently at IBM, has conducted his research while working as a graduate researcher at the University of Twente in the Netherlands.
Rodday focused its research on remote hijacking high-end drones commonly deployed by government agencies and law enforcement agencies. The expert explained how to exploit security holes in the drone’s radio connection to gain control on the UAV, an attack that just need a laptop and a cheap USB-connected chip.
The expert hasn’t provided details on the specific drone model he has tested because he signed a non-disclosure agreement with its manufacturer of the UAV.
Rodday has found a way to exploit the lack of encryption for the communication between the drone and controller module. A rogue hacker can make a reverse engineering of the drones software components in order to discover which are command accepted by the UAV and send them to the navigation controls. block all commands from the real operator, or even crash it to the ground.
In a typical attack scenario, the hacker can isolate the drone from the controller, blocking all commands from the legitimate operator, send its commands resulting in drone hijacking.
“If you think as an attacker, someone could do this only for fun, or also to cause harm or to make a mess out of a daily surveillance procedure,” Rodday told Wired. “You can send a command to the camera, to turn it to the wrong side so they don’t receive the desired information… or you can steal the drone, all the equipment attached to it, and its information.”
Rodday discovered two critical security vulnerabilities in the tested unmanned aerial vehicle (UAV), such as the poorly encrypted Wi-Fi connections that open the vehicle to cyber attacks and makes it ‘crackable in seconds’.
The security issues reside in a communication chip, the Xbee, that doesn’t implement strong encryption between the unmanned aerial device and the controller module ( ‘telemetry box’), opening to man-in-the-middle (MitM) attack.
An attacker could intercept the traffic between the drone and the telemetry box injecting impersonating the legitimate control operator.
Rodday explained that the drone he tested is used by the Dutch police for surveillance, the cost of the UAV is around €20,000 ($21,700). The model of drone tested by the expert is used in many other industries, including agriculture and protection of critical infrastructure.
The most worrying part of the research is the scope of the discoveries made by Rodday, many other drones on the market could be affected by the same vulnerabilities.
“I think this vulnerability exists in a lot of other set-ups. The impact of the whole thing is bigger than this manufacturer,” he explained.
“Due to the fact that multiple UAV manufacturers are using the investigated technology, the impact of this research is high. This research will be shared with the manufacturers who are known to implement the investigated solutions and made publicly available.” wrote the expert.
“There are presumably many more manufacturers using the vulnerable setup without revealing their hardware components to the public, leaving their setup prone to attacks. To encounter this issue, security awareness within the community of UAV manufacturers is important.”
I suggest you to read the interesting thesis published by Rodday on the topic.
“Although the costs for professional UAVs are extensively higher compared to consumer UAVs, the security of the investigated model can be judged insufficient.” wrote Rodday.
“It was possible to perform a MitM attack on the XBee communication channel. As no encryption and authentication are applied anywhere, packets were successfully injected into the compromised channel, making the UAV react to the attacker’s commands.”
(Security Affairs – hacking drones, hijacking)