Hacker Releases Software to Hijack Commercial Drones

I have some real concerns about this article.  Although this article talks about commercial hijacking, I feel this could very well happen to me and other hobbyists.  And what can DIY Drones help develop to reduce this probability?

http://defensetech.org/2013/12/09/hacker-releases-software-to-hijac...

 

 

Views: 3132

Comment by squilter on December 10, 2013 at 10:05am

Turning other people’s drones into zombies requires a Parrot AR.Drone 2.0 quadricopter, which weighs less than a pound, a Rasberry Pi, a USB battery, an Alfa AWUSO36H wireless transmitter, aircrack-ng, nod-ar-drone, node.js and Kamkar’s SkyJack software, he says on his website.

This was about as technical as the article got.  node-ar-drone and node.js provide an implementation of parrot ar.drone's wifi protocol.  aircrack-ng cracks wifi passwords.  From the sound of this, this hack only targets the ar.drone. 

Preventing hackers is always important. The two obvious places a hacker could take over control signals is by overriding the standard rc radio, or by overriding the 915mhz radio.  The rc radio is a closed loop.  I don't see how a APM software mod can fix any vulnerabilities there.  Authentication and encryption could easily be implemented for the 915mhz modules (but would that be legal?).

An analog video link will always be unencrypted.  No hope of making that safer, either.

Comment by John Githens on December 10, 2013 at 10:08am

Link to comments from "Uncle Bill" (no relation) about the article: http://defensetech.org/2013/12/09/hacker-releases-software-to-hijac...

Comment by Rob_Lefebvre on December 10, 2013 at 11:09am

I've seen this news story before, and it's highly sensational.  It reminds me of the story of how somebody figured out how to hack into a car's computer system and take control and possibly make you crash.  What wasn't prominent in the article was the fact that it could only be done via wired connection. So yes, if you let a hacker sit in your passenger seat with a laptop while you drive around, he could cause you to crash.  Or he could simply grab the steering wheel and make you veer off-course, but that doesn't make for a very interesting news story.

Anyway, this hack is SPECIFICALLY restricted to the AR.Drone.

So yes, if the thought of an army of 1lb foam drones, that have a range of about 5 minutes (?), can't fly in 20mph winds, and that can be defeated with a badminton racket scare you, then you have reason to be afraid. ;)

However, in a general sense, the idea that any drone which is being controlled by computers could be hacked really isn't a surprise.

I am concerned about the fact our telemetry link is completely unprotected.  Somebody can take control of our drones simply by scanning the airwaves, finding your NetID, and then jumping onto that NetID and start sending out "Disarm" commands.  It's not even a hack, really, could probably done by your average 8 year old.


Moderator
Comment by Gary Mortimer on December 10, 2013 at 11:55am

One of the main ways of mitigating risk will be the use of the only frequencies that UA will be allowed to use in the future. The WRC is busy allocating them. You won't be able to spot them on almost household gear then.

Comment by Dave Wicks on December 10, 2013 at 1:11pm
Isn't the AR Drone simply just an unsecured WIFI network? Why is that so impressive of a hack? I get it, the guy is a legit hacker but seriously? What's the big deal? AR Drones are nothing more then glorified toys in comparison to the real deal R/C quads we fly, right?
Comment by robincfey on December 10, 2013 at 4:03pm

i really think all these company's coming out with drone delivery ideas is ludicrous , especially delivering books , the one medium that can easily sent via wireless anywhere in the planet in a matter of seconds , why put a 1kg book on a bloody helicopter risking public safety and wasting a huge amount of resources that a simple ebook upload and download could solve in the time it takes to digitise paper and upload it , as for hacking into drones well, this can be done a number of ways , simply sending a fake gps signal to our big gear is enough to take them out ,at the end of the day we are sending unencrypted signals that can be spoofed and "hacked" this will always be a problem even an encrypted signal can be hacked ,2.4ghz wifi signals being one of the easiest, but who is controlling their $5k octi with wifi??  

Comment by robincfey on December 10, 2013 at 4:09pm
Comment by Bill Patterson on December 10, 2013 at 9:13pm

I don't think delivering books is the killer app...

I think delivering insulin is.

Or Big Macs.

Or Big Macs until you become a diabetic, then insulin.

Comment by Jamie Feldman on December 11, 2013 at 12:53am

The real concern for gps guided drones is gps spoofing.

http://www.rawstory.com/rs/2013/08/04/watch-how-gps-spoofing-can-ta...

is only one such discussion.

I seem to recall thats how Iran catured one of the US drones.

Comment by Brian Stott on December 11, 2013 at 5:28am

@ robincfey

Book delivery isn't the point. The point is that 'Delivery' will happen in some form. Now,  the Goal is Declared. The reason to announce the goal before it is real is to find all the holes and plug them so it becomes REAL. That is what will happen. In the early 1960's it was announced to set a Man on the Moon at a time we were blowing up rockets on the launch pad.

Robots are now emerging. The age of the Machine.

Comment

You need to be a member of DIY Drones to add comments!

Join DIY Drones

Groups

Season Two of the Trust Time Trial (T3) Contest 
A list of all T3 contests is here. The current round, the Vertical Horizontal one, is here

© 2019   Created by Chris Anderson.   Powered by

Badges  |  Report an Issue  |  Terms of Service