A security researcher has reportedly found a way to hijack a high-end drone using parts that cost about $40 in total.
Mr. Nils Rodday, a security researcher, announced at the RSA security conference in San Francisco that it was possible to hijack a $30,000 drone from a mile away just by intercepting its Wi-Fi signal. He claimed he did this with only his laptop and a radio chip connected to the laptop via USB.
The drone manufacturer has been notified; it apparently gave him the drone to work on after he had signed a confidentiality agreement not to expose anything if such results were found. The drones, which are meant to be used by police and fire departments, are therefore a definite weak point for those services.
Because the drones lack a Wi-Fi connection, an update that fixes the bugs cannot be sent to them wirelessly. Someone has to connect each drone to a computer manually before updating its software. However, Mr. Rodday suggested that this would slow the drone down and might even cause it to fail to recognize some user commands.
“$40 and your drone can be hacked”
It is not yet clear what the company responsible will do next; it has a few options available. It might have to recall the whole product to fix the security flaws. It did, however, state that it received the report from Rodday and will fix the problem in the next batch of drones it brings out.
Rodday says that the Wi-Fi connection between the drone's telemetry module and the user's tablet uses a weak encryption protocol called WEP, which according to him the average hacker can crack in seconds. That allows any hacker to break the connection and send a “deauth” command, which forces the user off the network and leaves the drone under the attacker's command.
He also mentioned that the module and the drone communicate using an XBee chip, which does have encryption capabilities, but to avoid latency the chip does not make full use of them. Thus the hacker can send commands to the module and drone that reroute packets on the network, effectively kicking the user out, stopping their use of the drone and leaving the hacker in sole control. He stated that the hacker did not even have to be within a one-mile radius.
Considering the importance we are placing on drones nowadays, we need them to be on our side, so irregularities like these must be taken seriously so that the fight against terrorism will be easier. Hopefully they can get it right next time, and we look forward to using drones safely without fear of hacking by anyone, be it friendly or not.
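For operators who want to check whether any of their own links still advertise WEP, the following added example (not from the article or from Rodday's talk) classifies 802.11 beacon frames by the security they announce. It assumes raw frames with the radiotap header and FCS already removed; the function names, SSIDs and BSSID are invented for the illustration.

```python
import struct

PRIVACY_BIT = 0x0010                       # capability bit: data frames are encrypted
IE_SSID, IE_RSN, IE_VENDOR = 0, 48, 221    # element IDs used below
WPA_OUI_TYPE = bytes.fromhex("0050f201")   # vendor element that announces WPA

def classify_beacon(frame):
    """Return (ssid, security) for a raw beacon or probe response."""
    if len(frame) < 36:
        raise ValueError("too short for a beacon")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in (5, 8):
        raise ValueError("not a beacon or probe response")
    # 24-byte MAC header, 8-byte timestamp, 2-byte interval, then capability.
    (capability,) = struct.unpack_from("<H", frame, 34)
    ssid, has_rsn, has_wpa, pos = "", False, False, 36
    while pos + 2 <= len(frame):
        ie_id, ie_len = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + ie_len]
        if len(body) < ie_len:
            break                          # truncated element: stop, do not over-read
        if ie_id == IE_SSID:
            ssid = body.decode("utf-8", "replace")
        elif ie_id == IE_RSN:
            has_rsn = True
        elif ie_id == IE_VENDOR and body.startswith(WPA_OUI_TYPE):
            has_wpa = True
        pos += 2 + ie_len
    if has_rsn:
        return ssid, "RSN (WPA2/WPA3)"
    if has_wpa:
        return ssid, "WPA"
    # Privacy bit set with no WPA or RSN element means the network uses WEP.
    return ssid, "WEP" if capability & PRIVACY_BIT else "open"

def build_beacon(ssid, capability, extra_ies=b""):
    """Constructed test frame: broadcast beacon with a made-up BSSID."""
    bssid = bytes.fromhex("020000000001")
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid * 2 + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, capability)
    name = ssid.encode()
    return header + fixed + bytes([IE_SSID, len(name)]) + name + extra_ies

def wep_networks(frames):
    """SSIDs whose beacons advertise WEP; these links need reconfiguring."""
    return sorted({s for s, sec in map(classify_beacon, frames) if sec == "WEP"})

# Constructed sample capture (SSIDs are invented for this example).
SAMPLE = [build_beacon("telemetry-link", 0x0011),
          build_beacon("office", 0x0011, bytes([IE_RSN, 2, 1, 0])),
          build_beacon("guest", 0x0001)]
```

Any SSID returned by `wep_networks` should be moved to WPA2 or later before the link carries control or telemetry traffic.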