
Gadget hijacks nearly any drone mid-flight

Security researcher Jonathan Andersson has developed a tidy hardware module capable of fully hijacking a variety of popular drones and remote control gear running over the most popular protocol.

Hacker's Icarus machine steals drones midflight

Oh good Lord. That's some scary monsters right there. Definitely look at this guy's Prezi, I have a CE (10 patents) background and security protocols background (two patents), and this seems legit.
 
This doesn't apply to products with upgradeable firmware - as it clearly states in the article, a simple firmware upgrade will bypass his "Hack"...
 
The "firmware upgrade" you speak of involves changing the transmission to use a key exchange like Diffie-Hellman, and a subsequent stream cipher like AES for the data packets. These are processor-intensive and may not even be feasible if the duty cycle of the main CPU/DSP is already chewed up...
 
This doesn't apply to products with upgradeable firmware
Which is not the case of the equipment used for the demonstration.

Not to mention it's a large undertaking in terms of complexity compared to the affected systems. It's "only a firmware update away", but that firmware could take months/years to be written depending on a given company's resources and would be a major pain to introduce and make sure people use it.
 
Which is not the case of the equipment used for the demonstration.

Not to mention it's a large undertaking in terms of complexity compared to the affected systems. It's "only a firmware update away", but that firmware could take months/years to be written depending on a given company's resources and would be a major pain to introduce and make sure people use it.

It's not surprising to me at all that the DJI and all of the standard controllers like NAVA aren't completely locked-down security-wise. What really surprises me is that even military drones are susceptible to this kind of thing (or were), witness the Iranian takeover/hijacking of a USAF RQ-170 drone... Implementing secure protocols is a) expensive to develop b) consumes CPU (read: power and battery life) and c) hard to get right. I just didn't expect it to be so easy. But at least the attacker needs physical proximity to the flight to achieve this -- it's not like some guy in a building in Xingdao can do this to your flight in New Jersey over the internet or something... hopefully.
 
It's not surprising to me at all that the DJI and all of the standard controllers like NAVA aren't completely locked-down security-wise.
Pretty sure DJI are one of the few that would be encrypted and/or very hard to hack.

it's not like some guy in a building in Xingdao can do this to your flight in New Jersey over the internet or something... hopefully.
Just wait until SDRs are a bit more widespread ;)
 
Pretty sure DJI are one of the few that would be encrypted and/or very hard to hack.


Just wait until SDRs are a bit more widespread ;)

Well the vector and attack surface here is probably better exploited by hacking the controller application (Litchi, DJI Go, etc). Your iPhone/iPad *IS* addressable and routable from some guy's desk in Xingdao...
 
Well the vector and attack surface here is probably better exploited by hacking the controller application (Litchi, DJI Go, etc). Your iPhone/iPad *IS* addressable and routable from some guy's desk in Xingdao...
But at least you can just pull the plug on the tablet and continue to fly with no tablet connected :)
 
But at least you can just pull the plug on the tablet and continue to fly with no tablet connected :)

But once they pwn the app, then they have a vector into the controller itself, and could re-program it... in which case your UAS is still "fuxx0r3d", as they like to say...
 
But once they pwn the app, then they have a vector into the controller itself, and could re-program it... in which case your UAS is still "fuxx0r3d", as they like to say...
But I'm too boring so they will never be interested in my flights! :D
 
I would bet that if the PLA Unit 61398 got a hold of your controller, your flights would become instantly more "interesting" :)
 
Applies to DSMx only (none of my craft). And massively illegal. Also curious to know why the victim's throttle was at zero.

I don't think Unit 61938 nor the Russians give nary a whit whether aforesaid activity is illegal or not... Good question about the throttle though (good spot, I missed that) -- perhaps to ensure two's-complement zeros in the payload data that they could correlate for their cryptanalysis?

Cheers
 
