It is often easy to forget that while the majority of drones making the news are operated by hobbyists and amateurs, the US government is rolling out a number of more expensive UAVs for use by first responders and the police. Now, security researcher at IBM, Nils Rodday has potentially thrown a spanner in the works of this, by demonstrating that at least one model of these government standard drones has security vulnerabilities that allow it to be hacked from as far away as a mile, allowing an attacker to seize control of the craft for their own ends or simply cause it to drop from the sky.
The full extent of the vulnerability will be demonstrated by Rodday at the RSA conference this week where he will show how a $30,000 to $35,000 drone can be taken over or knocked out of the sky by a security flaw in its radio connection using just a laptop and a cheap radio chip connected via USB. Due to the fact that the connection between the operator and the drone are left unencrypted to allow commands to be processed more quickly, an attacker who can send the correct sequence of signals to the drone’s telemetry box can impersonate the true operator, locking them out of control of the drone. “You can inject packets and alter waypoints, change data on the flight computer, set a different coming home position,” Rodday says. “Everything the original operator can do, you can do as well.”
With the ongoing fear of irresponsible drone use by hobbyists, it is even more concerning that the expensive drones operated by official bodies are so vulnerable to attack. Should an attacker wish to cause serious harm, it would appear it could be done using a hacked police drone with surprising ease. “If you think as an attacker, someone could do this only for fun, or also to cause harm or to make a mess out of a daily surveillance procedure,” says Rodday.