Replies
Interesting discussion! Makes me wonder 4 years post the last comment, what has been the conclusion in terms of encryption on low-cost radios? Do we already have it, or yet pondering on a genius idea to make it happen, coz even Google is unable to answer this query to me.
How to hijack a drone over telemetry, and prevent it:
http://madhacker.org/?p=13
Good read. Personally I will be moving to cellular based radios as soon as I have enough experience and time. When the first documented easy to use device to do exactly what's described in the article comes up, I hope that will highlight this issue enough so that encryption can be developed. Also I realise that many might not see this as an issue at all, since there are no known incidents yet (AFAIK - and I sort of agree), but it just doesn't feel right to be this vulnerable with multi thousand dollar equipment.
Hi,
I am working on a new communication module (telemetry + RC control) compatible with 3DRadio, dedicated to APM.
More info here
CPU is STM32F103 with enough computing power and memory to implement encryption.
If anyone is interested in cooperating, please PM or e-mail me: marekm(at)hot(dot)pl
Marek
Why is the post by Michael Zietlow deleted?
And does anyone take the huge security flaw/lack seriously?
There seems to be some confusion here.
Encryption, correctly implemented, prevents someone from comprehending the contents of the messages being sent.
Authentication, correctly implemented, allows the recipient to trust that the sender actually sent the message that was received.
It is common to mix the two; after an initial exchange that establishes authenticity, knowledge of the encryption key by the sender is treated as authentication by the recipient. However, this glosses over the initial exchange, and it also omits any protection against replay of a previously-authentic message (or suppression of authentic messages) by an attacker.
The 3DR radios don't have the computational resources to implement a sufficiently secure link; they are basically tapped out with their current functionality. Building a secure link is going to require a new (and more expensive) hardware platform.
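The distinction drawn in the post above, as an added example (not code from this thread or from any radio firmware): a frame that is authenticated but not encrypted, with an HMAC tag to reject forged or altered frames and a monotonic counter to reject replays. The pre-shared key, the 8-byte counter, the 8-byte truncated tag and the command strings are assumptions for illustration; the initial key exchange the post mentions is out of scope here.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8   # truncated HMAC-SHA256 tag, bytes (assumed size for short radio frames)
CTR_LEN = 8   # big-endian frame counter, bytes (assumed)

def _tag(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class Sender:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def seal(self, payload: bytes) -> bytes:
        """Frame = counter || payload || tag. Payload stays readable: no encryption."""
        self.counter += 1
        body = struct.pack(">Q", self.counter) + payload
        return body + _tag(self.key, body)

class Receiver:
    def __init__(self, key: bytes):
        self.key, self.last, self.missed = key, 0, 0

    def open(self, frame: bytes):
        """Return the payload, or None if the frame is forged, altered or replayed."""
        if len(frame) < CTR_LEN + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, body)):
            return None                      # wrong key or modified in transit
        (counter,) = struct.unpack(">Q", body[:CTR_LEN])
        if counter <= self.last:
            return None                      # replay of an old, once-valid frame
        self.missed += counter - self.last - 1   # gap: frames lost or suppressed
        self.last = counter
        return body[CTR_LEN:]

if __name__ == "__main__":
    key = bytes(range(32))                   # constructed pre-shared key
    tx, rx = Sender(key), Receiver(key)
    first = tx.seal(b"MODE=AUTO")            # constructed command string
    print(rx.open(first), rx.open(first))    # accepted once, then rejected as replay
```

A gap in the counter only shows that frames went missing; it cannot tell radio interference from deliberate suppression.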
Kind of surprised the radios are still unencrypted?!?
The AES-256 code and examples are available for the chip; it would be trivial to implement it.
Even without rfcat or some fancy spectrum analyzer someone can still simply scan through the 256 ID codes and gain control of your plane? There's probably an even easier method if you want to poke around in the code a bit.
With the HopeRF RFM22BP module available it won't cost someone more than $20-30 to spam out 1W from a high gain antenna and snatch up people's planes.
Where are you guys located at BTW? I offer free security checks in exchange for a plane or quad, LOL!
Can we please use a separate topic for encryption of video links? This is about the 3DR-radios. Thanks!
Some stuff to read...
http://rf.harris.com/media/Acropolis_tcm26-9013.pdf
http://www.altera.com/products/ip/ampp/dcrypt/dcrypt.html
http://www.maximintegrated.com/datasheet/index.mvp/id/6479?utm_expi...
There is no denying, we need encryption.
It would take a lot to prove that a bad situation was *not* caused by the pilot, who, after all - is responsible.