Affected drones can't be patched, researcher says

Mar 4, 2016 14:34 GMT  ·  By Catalin Cimpanu

At this year's RSA security conference in San Francisco, Dutch security researcher Nils Rodday, currently working for IBM, has revealed a method of hacking high-end drones using cheap custom-built hacking kits that cost around $40 (€36.5).

Rodday conducted his research in this field as a student at the University of Twente in Holland, when a UAV (Unmanned Air Vehicle) manufacturer approached the university to have its products tested.

The UAVs that Rodday got to play with weren't your run-of-the-mill drones, but actual high-end quadcopters sold to police forces, fire departments, and government agencies, for prices ranging from $35,000 to $40,000 (€32,000 to €36,500).

Full article here ...

Also  this Wired magazine article:


Some  over sensationalism and old news, in my opinion, given most telemetry protocols so far have not been designed to be secure in the first place. (e.g. HopeRF radios, Mavlink). So sort of like announcing that some  houses with no door locks can be broken into: 1. Locate a door. 2: Push open the door. That said it appears there was at least Wifi WEP at play here, along with Xbees ...

Also a  bit difficult to  understand how that  "police drone"  could have been sold for $30,000-$35,000. Looks like run of the mill,  Tarot type frame, motors, etc ... X8, $2,000 or so at most?

Eagerly anticipating the great work being done on Mavlink2 at DroneCode!

E-mail me when people leave their comments –

You need to be a member of diydrones to add comments!

Join diydrones


  • Even more shocking with extensive research I have determined you can break into some  fire trucks and police cars. Apparently the locks are easy to break and sometimes aren't even engaged. Everyone feel free to  panic now.

  • Hmmm...

    "Rodday found that the UAV he studied has two serious security oversights: First, the Wi-Fi connection between its telemetry module and a user’s tablet uses weak “WEP” or “wired-equivalent privacy” encryption, a protocol long known to be crackable in seconds. That would allow any attacker in Wi-Fi range to break into that connection and send a so-called “deauth” command that kicks the drone’s owner off the network."

    breack telemetry flow as drone control way? lol =)))))))

    Breaking WEP in Under a Minute - Schneier on Security
  • Anyone who spent 35k on a drone with Xbee got ripped off. 

  • Headline:  "Robbers discover it's easy to break into houses with unlocked doors.  Details within!"

  • Remember a lot of "high end" drones are consumer drones wrapped in the emperor's new clothes.

This reply was deleted.