New submitter ricardinho writes: Research done at the University of Twente, in the Netherlands, shows that paying thousands of dollars for a professional drone does not guarantee that the device will be hack-proof. These professional drones are commonly used across various industries to perform daily critical operations, such as surveillance and recon missions by law enforcement authorities. During his research, student Nils Rodday discovered that a professional drone could be compromised in multiple ways (PDF). One of these attack vectors investigated by the student is much more sophisticated than those used to compromise recreational drones that cost a few hundred dollars and are not expected to be strongly secured. By reverse engineering the drone's operation and firmware, the student found ways to obtain key information that is used to validate the communication on the telemetry link between the drone and its remote controllers. This allowed for a Man-in-the-Middle attack in which the hacker could take full control of the attacked drone from a distance of up to 2 km. Manufacturers of professional drones are blindly trusting XBee chips for the communication between devices. These chips, however, are not meant to be used in sensitive devices, and this flaw can compromise any sort of operation that the drones are deployed for. In addition, the solution is not simple, since a firmware update patch cannot simply be released; manufacturers have to actually recall the devices for in-house upgrades. Perhaps even more surprising is the cost of the described attack: 40 dollars is enough for an attacker to take full control of a $30,000 drone. Nils will explain and demonstrate his hacking into a professional drone during talks at the RSA Conference in San Francisco and Black Hat Asia in Singapore.