$40 Hardware Is Enough To Hack $28,000 Police Drones From 2km Away (theregister.co.uk) 97
mask.of.sanity writes: Thieves can hijack $28,000 professional drones used widely across the law enforcement, emergency, and private sectors using $40 worth of hardware. The quadcopters can be hijacked from up to two kilometers away thanks to a lack of encryption, which is not present due to latency overheads. Attackers can commandeer radio links to the drones from up to two kilometers away, and block operators from reconnecting to the craft. With the targeted Xbee chip being very common in drones, IBM security guy Nils Rodday says it is likely many more aircraft are open to compromise.
What latency overhead? (Score:1)
I never heard encryption causing latency overhead that matters for RC....more like serious negligence overhead
Re:What latency overhead? (Score:5, Informative)
Read the article...they went cheap and the CPU doesn't properly support encryption. Saved a few bucks in parts cost, but now have a completely insecure system...hah
Re: (Score:2)
More like management wanted to save $2 per unit and went with the cheaper CPU.
Re: (Score:2)
Not for embedded CPUs, they are considerably less powerful, and if there isn't dedicated support for the algorithms there is considerable lag.
Re: (Score:2)
Re: (Score:1)
Our race car was like that. I loved it like that -- turn the wheel, the car leans over, and then it turns. Yes, you have to plan accordingly. You cannot wait to the last second to turn the wheel. Yes, that can be a problem at night with no (read: very ineffective) lights.
Re: (Score:3)
Start getting lag when the weather isn't perfect and you will start losing the drones due to not being able to control their flight or even the ability of the drone to stabilize it's own flight.
They have processors with realtime encryption support capable of avoiding these issues. Your suggested reason was likely the justification to use a less capable processor to save money. I think the decision was probably made before the police had any say in the matter.
Re: (Score:3)
Start getting lag when the weather isn't perfect and you will start losing the drones due to not being able to control their flight
Nope. Even open source MultiWii has GPS failsafe. With a "big" antenna (e.g. ~25mm) a drone floating above the city tends to have great reception even in poor weather. A 10mm antenna is good enough for adequate reception on a nice day, but presumably we're talking about fairly large drones for which a sizable GPS antenna is a minor issue. If they lose GPS positioning momentarily, they can reasonably hold position on their other sensors until they get it back. The only real danger is if you can jam their GPS
Re: (Score:2)
Lol.. the lag will not be in the transmission latency it will be in the commands processed. The inputs from the GPS and flight stabilizer will stack right behind the others. It will have the same effect as driving when someone drifts onto a soft shoulder and over corrects to return to the road then shoots further than expected when good traction is reestablished. This often ends up with the vehicle running off the other side of the road if not striking another vehicle or object first.
Re: (Score:2)
Lol.. the lag will not be in the transmission latency it will be in the commands processed.
What?
The inputs from the GPS and flight stabilizer will stack right behind the others.
Flight stabilizer? What? No. The code loops, every so often. The main loop contains tests to see if enough time has elapsed between flight control events and when it has, it kicks one off. Another timer check tests to see if there is incoming controller data, and engages failsafe if not. Another test in the loop, which ISTR also being on a timer, checks for GPS input and parses sentences when present. In the flight control, there is a call to check the IMU hardware, which is typically done through SPI.
Re: (Score:2)
The police (municipality, whoever) had their say when they wrote the check to buy them.
Re: (Score:2)
Er, whose drone? We've got your money already, go pound sand.
Signed,
A.Corporation
Re: (Score:3)
Re: (Score:2)
Right... because you can reasonably run a multi-core Intel CPU in an application like this. Power usage is probably a much more significant factor.
Re: What latency overhead? (Score:3)
Are you kidding? Most non-hobby flight controllers are already running multi-core or even multiprocessor systems. The power draw for the processor is very small compared to that of the motors.
Re:What latency overhead? (Score:5, Informative)
I have 3 racing quads (Naze32 based controllers), 2 photography quads (with full auto pilot, navigation (ArduPilot)), 2 traditional RC Helis and 2 RC Seaplanes (These use COTS parts from Futaba for competition purposes), all of which have some sort of autopilot or 'assistance' on them. The CPUs in NONE of them support encryption.
You do realize that you can FLY an aircraft with full auto navigation on an Arduino, right? I don't think you understand how easy it is to write compact software that will do amazing things on tiny CPUs, probably due to dealing with bloated ass PCs where no one gives a fuck about writing decent software.
Flying an aircraft doesn't require a lot of CPU horse power. Standard servos and speed controllers operate at 50 hertz. They've changed speed controllers for quads because the APs can do much higher refresh rates, which when coupled with the way quads work makes a noticeable stability difference, So you see, even a little Arduino has CPU power to spare for flying the aircraft ... but it doesn't have encryption.
The CPU in all 5 of my quads cost less than a dollar each. You can get encryption instruction sets in all of them (The cpus that is) ... but that'll put the chip at $3-5/each instead of $0.75
In the embedded world, you don't bring shit you don't need with you, it wastes power and space, generates heat, and introduces additional complexity and unknowns. Even if they included encryption for no monetary cost, you wouldn't buy a chip with it unless you knew you were going to use it. Do you want your aircraft to crash because of some weird Errata that only occurs on chips with X feature that you don't use?
HOWEVER, All XBee chips DO support encryption so that the CPU DOESN'T have to know anything about it. All they would have had to do was flip a bit with the configuration tool and add figure out how to manage keys in the production environment/end user space.
Re: (Score:1)
HOWEVER, All XBee chips DO support encryption so that the CPU DOESN'T have to know anything about it. All they would have had to do was flip a bit with the configuration tool and add figure out how to manage keys in the production environment/end user space.
As does TFA say.
TFA even says encryption was enabled.
There is a non-subtle difference between WEP and WPA, and if someone who broke into the device says WEP was used rather than WPA for performace reasons, I think it is fair to assume that person knows what they are talking about? Yes, I would have liked to understand the technical issues better too. But such is journalism.
Re: (Score:2)
Lets start by establishing that they don't use either WEP or WPA, then we can get back to who knows what they're talking about, K? Such is journalism and the reality of people 'hacking' something ... without having any fucking clue what they actually did.
Re: (Score:2)
Or they are just idiots who think that nobody would ever want to hack their product, and that its much easier to debug without encryption.
Re: What latency overhead? (Score:1)
You're close. It's not debug, but introducing unauditable failure modes. If the encryption is good, then you have part of the command link that has random noise thrown in ... Bit errors are real and happen on digital links. So now, you're injecting random data into the C2 links, which is not good. This is accommodated by a variety of protocols, which all add latency because they're sending more data. This is not good. Additionally, we really want Aircraft systems to be, say, audit able and verifiable. Crypt
Re: (Score:1)
Bit errors will also happen without encryption. What encryption would likely do is spread a single bit error to more bits (if it is a block cipher) but even if it didn't you wouldn't want the flight controller executing a command with a corrupt bit.
Since it cannot be known if an error in transmission is just bad luck or an actual attack attempt good encryption will also offer a message authentication code. This works like a checksum, but with authentication. It will verify that the message is correct as-sen
Re: (Score:2)
A valid point. But as someone pointed out in another branch above, you don't actually need an encrypted signal to secure the device, just securely signing the packets would be sufficient. Somebody monitoring the signal is not that big a deal, you just don't ant them to be able to spoof it. A hashed signature would also allow you to respond immediately while still waiting to confirm it's validity - a single spoofed packet, or even a handful, are unlikely to cause much problem, so long as the spoofed signal
Re: (Score:1)
No, they went stupid. The chips they are using DO have encryption built in. All XBee chips do, as an example.
Re: (Score:2)
A couple of xor operations? Seriously? Just what sort of "encryption" are you imagining you could get with that? One-time pads are the only one that would be even remotely secure with that little overhead, and good luck trying to avoid coordination problems in the presence of incompetent users, a noisy data line, and malicious attackers.
It might be doable, but it would be really challenging to come up with something that was both just as reliable and more than a minor nuisance to an attacker.
Re: (Score:2)
From open source flight control software I've seen, the scheduler runs the main loop and tertiary loops at set frequencies, and the CPU utilization is not near 100%, so it is ok to add more calculations. CPU utilization is actually somewhat low, other than when logging is set at verbose.
Servos and motors are on per wire modulation (PWM). They wait for a signal at a set frequency, in many cases 490hz (though the trend is new protocols which are higher rates).
So implementing encryption is just a matter of mak
Re: (Score:2)
It creates cashflow latency overhead.
Suck my drone (Score:1)
Fuck the police
Re: It doesn't matter what you did (Score:1)
Send the owner of lifehacker to jail. And anyone who uses hack in that way. Or anyone who even talks about hacks. For the children! Because some pedophiles and terrorists are hackers. Are you a pedophile or terrorist?
Re: (Score:2)
That's what the state does: it provides security for its people, by prosecuting the criminals.
But yeah I know what you meant... This will just lead to DRMed (or criminalized) SDRs or something, totally the wrong approach IMO. Policemen may be trusting their lives on these devices, and the video footage may be used as proof in court. If the defendant can prove there is no encryption, then boom the proof may be void.
Re: (Score:2)
Re: (Score:2, Interesting)
It is not without irony that people here seem to feel, that when some member of the public breaks into police or governmenet systems, quite possibly to commit a crime, it is cool, but when the police break into systems of members of the public, usually to catch criminals, this is "gross violation of privacy". If it is wrong for anybody, then it is wrong for everybody, I would have thought.
Re: security through prosecution (Score:5, Informative)
Re: (Score:2)
Ah, I see - "The ends justify the means", right?
Re: (Score:2)
It is not without irony that people here seem to feel, that when some member of the public breaks into police or governmenet systems, quite possibly to commit a crime, it is cool, but when the police break into systems of members of the public, usually to catch criminals, this is "gross violation of privacy".
1) The cops are public servants, the drones are public property, while that doesn't give us the right to use them as toys it does give us the right to demand that they be used responsibly.
2) The cops have rights that the rest of us lack, and the power to fuck up our lives, so we have to keep closer track of their activities.
How hard can it be? (Score:5, Interesting)
I admit I'm no crypto expert but I have had a few IT security certifications over the years. It seems simple enough to have a key exchange with the remote by a cable, so people can't sniff it out of the air, and then have the drone look for that key in every control packet. Of course there would need to be some computation on that key but we have special purpose chips that can do that with minimal delay or power. The algorithms are open source and highly secure so there is little risk or cost there.
I guess adding a $1 port and a $2 codec chip on both the controller and drone is too much to ask for protecting a $28k drone from being stolen or destroyed by a prankster.
The concern seems to be the delay. Perhaps the commands could be passed through and the commands verified after the fact. If the commands fail then the drone could go in a limited performance mode where every packet needs to be verified, or it goes into a "go home" mode and ignores some or all commands.
No doubt this is what happens in the early development of almost every technology. I recall some similar security failings in the early days of long distance telephones. Some of those security holes may still survive today. People could make long distance phone calls without paying by using a whistle that came free with breakfast cereal. People could steal high end cars by shorting out the right wires.
People that don't learn from history are doomed to repeat it.
Re:How hard can it be? (Score:5, Insightful)
As a taxpayer paying for the $28,000 drones, I say hack away. Drop them all from the sky.
Re: How hard can it be? (Score:2, Interesting)
The company sells at the point the market allows them to. If they could sell it for 100k and still have buyers, they would, and I couldn't blame them for it.
The police don't care about the price because the money is just coming from the taxpayers (not their own money). So they don't care how much they spend.
So that's how this endless positive feedback loop happens.
Re: (Score:2)
AC posts an anti-government spending screed demonstrating weak to non-existent comprehension of Economics 101.
In any given year, the police have a fixed budget. They almost certainly want more black-ops toys than their budget permits them to purchase, so they must then navigate their relative preference of one toy over another, which certainly does translate into a price sensitivity modulo substitution goods. (He who thinks that inter-departmental
Re:How hard can it be? (Score:5, Interesting)
I guess adding a $1 port and a $2 codec chip on both the controller and drone is too much to ask for protecting a $28k drone from being stolen or destroyed by a prankster.
The XBee radios they are using for communications support encryption out of the box. All you have to do is turn it on and give it a key and it does all the work.
People could make long distance phone calls without paying by using a whistle that came free with breakfast cereal.
Its only slightly more complicated now. I can safely say you have everything you need available to you RIGHT NOW to make all the free phone calls you want, only now you can do it without leaving your home and even make it practically untraceable while you sit at home!
The PSTN is still based on the idea that all the connections are relatively trusted because people will 'never figure out how to do this and its a dedicated link' ... unfortunately, that is not now and never really was actually true.
Hobby drone (Score:1)
Funny that such an expensive drone uses hobby kit parts.
Re: (Score:3)
Perhaps that just shows what high quality "hobby" parts have achieved.
That's the thing with mass production and economies of scale can do, improve quality while lowering costs. Things that no so long ago would have been an expensive custom item are now cheap enough and of a high enough quality that someone would be stupid to go back to that custom item.
I suspect that it is quite possible that people will make passenger carrying craft with the same chips used in toys. The difference between an RC toy autop
Re: (Score:2)
lost me at economies of scale but i know im not some drone that always needs to be aware of some evasive bs or whatever or whatever should not be evading anything because it should not be felt there is anything to hide due to history and all that stuff, so am i posting like this just to validate myself because i could care less if people are narcissistic. everybody is but its nothing to make a big deal out of. im not even trying to outsmart anyone but having to constantly defend yourself sh ouldnt be neces
Re: (Score:2)
Perhaps that just shows what high quality "hobby" parts have achieved.
That's the thing with mass production and economies of scale can do, improve quality while lowering costs. Things that no so long ago would have been an expensive custom item are now cheap enough and of a high enough quality that someone would be stupid to go back to that custom item.
Indeed. In 2003, image-sensors for optical microscopes (in labs) cost from $2000-$8000.
I built one for about $40, and it worked perfectly.
Bought a Mattel QX3 'toy' USB microscope off ebay, ripped out the sensor, stuck it into a tuna can, and mounted that atop a high-quality compound microscope at the RFP. The toy's software worked just fine, enabling super-cheap 40x–1000x image-capture from top-end optics.
Sure, CMOS sensors are noisy, so I just cranked up the illumination for good SNR. And 320x240
Re: (Score:3)
Funny that such an expensive drone uses hobby kit parts.
It's not really that surprising if you think about it. RC models are basically drones whose primary purpose is entertainment and fun, light military drones are RC models who have been repurposed for intelligence gathering and spotting for air and artillery strikes or police commando raids. The explosion in the development of light drones for military and police use is a pretty recent phenomenon driven by heavily miniaturised computers/cameras/GPS sensors (a product of the mobile device revolution) small eno
Re: (Score:2)
However, when it comes to the airframe and control part of the equation kit hobbyists have been developing an entire industry around remote controlled craft of every conceivable kind since the 1940s that has even put mass manufactured micro jet engines that fit into the budget range of ordinary RC hobbyists. It is only natural that Police/Military light drone manufacturers would dip into such an extensive pool of existing industrial infrastructure and design knowledge to keep costs down.
The problem with this idea is that the only especially interesting parts of the code are the flight control parts. The rest is pretty boring. Equally, the off the shelf hardware is not all that interesting. The only thing that it has to recommend it is footprint. You're not saving any money by buying an off the shelf autopilot as compared to buying an Arduino (or whatever) and a 10dof board. It's natural that they'd want to dip into the community, but it's not clear what they're really getting out of the ha
Encryption is still no good against jamming (Score:5, Informative)
Re: (Score:2)
to the void said the paranoid android but the name of the band escapes me. is there an app for name that song or am i in the wrong forum? is ther a lgorithm to detect if your credit card may have been stolen due to unusual activity or some other pattern that is awry? i would figure that police drones would detect such things or any kind of drone not made from hobby kit parts that was to be used in such a way. do they not learn from history these pesky humans always asking for captchas to confirm you are a
Re: (Score:2)
It's like somebody cloned Joe_Dragon but due to a bug the brain got split instead of duplicated.
Re: (Score:2)
only response i could thiunk of is some casino game with a dual name, what a shame
Re: (Score:2)
only tree fiddy? such a pity
Re: (Score:2)
Encryption is still no good against jamming
Yes, because encryption is not a defense against one specific attack type, logically you shouldn't even bother trying to defend against all the other attacks you perfectly well can defend yourself against.
Because logic!
do these even exist yet? (Score:2)
do they even have these in use yet ? or is this just some headline to scare people. have to ask because of the way the summary is written
because of latency? (Score:2)
I am thinking... (Score:3)
That if you want to encrypt the video stream from the drone back to ground, that you might have a lot of latency as that could take some horsepower. But encrypting the navigation signals ought not create any problems with latency.
Re: (Score:2)
That if you want to encrypt the video stream from the drone back to ground, that you might have a lot of latency as that could take some horsepower. But encrypting the navigation signals ought not create any problems with latency.
Their comm link should probably be encrypted. But I do not want their video stream encrypted.
Any citizen can buy a "Police Scanner" to listen to their chatter. This should be no different. Watch the watchers.
Re: (Score:2)
Any citizen can buy a "Police Scanner" to listen to their chatter. This should be no different. Watch the watchers.
Alas, most cop shops have moved on to encrypted digital radio, and they only give scanners to their trusted media toadies.
All the circumstances (Score:2)
I definitely don't know all the circumstances so it's hard to judge, but perhaps CPU processing capacity was not the limiting factor.
I imagine most likely it was because the builder wanted to use off-the shelf components, but it might also be because the communications links are low bandwidth and they did not want to incur the overhead of encryption or they thought that they needed to send data in blocks (CBC I think) rather than adopting a streaming form of encryption (there are lots to choose from [stackoverflow.com]) And t
Drone The Bohemian Grove 2016! (Score:1)