Hacking a Professional Drone

New submitter ricardinho writes: Research done at the University of Twente, in the Netherlands, shows that paying thousands of dollars for a professional drone does not guarantee that the device will be hack proof. These professional drones are commonly used across various industries to perform daily critical operations, such as surveillance and recon missions by law enforcement authorities. During his research, student Nils Rodday discovered that a professional drone could be compromised in multiple ways (PDF). One of these attack vectors investigated by the student is much more sophisticated than those used to compromise recreational drones that cost few hundreds of dollars and are not expected to be strongly secured. By reverse engineering the drone's operation and firmware, the student found ways to obtain key information that is used to validate the communication on the telemetry link between the drone and its remote controllers. This allowed for a Man-in-the-Middle attack in which the hacker could take full control of the attacked drone from a distance of up to 2 km. Manufacturers of professional drones are blindly trusting XBee chips for the communication between devices. These chips however are not meant to be used in sensitive devices and this flaw can compromise any sort of operation that the drones are deployed for. In addition, the solution is not simple since a firmware update patch cannot be simply released, but manufacturers have to actually recall the devices for in-house upgrades. Perhaps even more surprising is the cost of the described attack: 40 dollars is enough for an attacker to take full control of a $30,000 drone. Nils will explain and demonstrate his hacking into a professional drone during talks at RSA conference in San Francisco and Black Hat Asia in Singapore.

a 30,000 dollars drone

[xxxJonBoyxxx]

If only there was a symbol that meant "dollar"

Re:

[Errol backfiring]

There is, but on slashdot it probably starts with a capital A crowned by a tilde.

Re:

[Anonymous Coward]

This is what happens when you don't RTFA and apparently aren't even capable of reading TFS. That the summary could have been written slightly differently has no bearing on the quality of the story. What a useless comment coming from a useless user. I hope you get modded down to -1 where you belong. Slashdot doesn't need more stupid comments from stupid people like you. Get lost.

- chipschap (posting anonymously to protect my karma)

Re:

[Anonymous Coward]

On sober second thought, I take all that back. I deeply and humbly apologize. xxxJonBoyxxx let's be pals again, mkay?

- chipschap (posting anonymously to protect my karma)

edit...very appropriate captcha for this situation: conifer

Interstellar?

[RobinH]

I know it was a military drone in the movie, but suddenly that scene in Interstellar doesn't seem quite so crazy. :)

No encryption

[Anonymous Coward]

Well known that the XBee can be 'cracked' if you do not turn on the encryption. It is a major selling point for some applications that you can easily add more modules without consent from the OEM. If you enable encryption it should presumably be more difficult.

Re:

[xxxJonBoyxxx]

>> an RSA presentation which none of us will ever see

I've been to RSA. Many times. You aren't missing much. Go to a different security conference if you want to improve your skills - RSA is primarily for managers and buyers of packaged security solutions.

Re:

[turp182]

That's why he can present such information in the USA, if that is before the Singapore conference.

He might have to move to Russia at some point....

Beware the Aussie sharks!

[MrTester]

Am I the only one concerned about the Australian sharks ability to hack the shark spotting drones?
Whats next? Lasers?

Additional reading

[ricardinho]

Police Drone Can Be Commandeered From 2 Kilometres Away, Hacker Claims [forbes.com]
Hacker Says He Can Hijack a $35K Police Drone a Mile Away [wired.com]

Re:

[Thud457]

Thanks for the obligatory Forbes link. They're a top trusted name in tech journalism. Plus I haven't had my RDA of malware this morning.

Re:

[ricardinho]

They didn't do the research, just reported. Being one of the co-authors of the work I can tell you that it is accurate.

Re:

[110010001000]

And I can tell you that Forbes delivers malware via their ads so you aren't welcome here.

ROI

[thermidor]

40 dollars is enough for an attacker to take full control of a $30,000 drone

That's quite a decent ROI, even allowing for depreciation.

Click-bait article title with stupid terms...

[Anonymous Coward]

"Drone" has become a ridiculous word, applied by click-baiting pseudo-journalist know-nothings to everything down to a $20 remote-controlled quadcopter/airplane you buy at the mall, lacking autonomous flight capability.

The proper, non-retarded term is this instance is "autonomous UAV" (unmanned aerial vehical).

Furthermore, using "hacking" in place of "cracking" on Slashdot is simply unforgivable.

Using mushy, ill-defined or mis-defined hyperbolic terminology is a great way to make your intellectual readersh

40$ is expensive

[avandesande]

can shoot it down with 24 cent shotgun shell

Re:

[godel_56]

can shoot it down with 24 cent shotgun shell

From 2km away?

The paper if you thought TLDR;

[recharged95]

Basically if you use XBees, which are common in pro setups....

a. use API mode
b. use digi's built in encryption (AES)
c. Message authentication (key ids, crcs, etc...)

You can do all the other things he suggested, but this will stop 98% of the attacks out there. I'm surprised why he says Digi's onboard encryption was too slow. We do the above on all our drones (albeit a custom GCS) and do additional data link (Mesh ID based) and application layer things for added security, and still see 2ms lag from AES when t