Security researcher Nils Rodday reveals how a police drone, despite its high-tech and pricey features, can be easily attacked by a hijacker.
At the RSA security conference held in San Francisco, Rodday, who also works for IBM, demonstrated the vulnerability in at least one model of government-owned drones. The manufacturer's name was not revealed as part of the non-disclosure agreement signed by the security researcher.
Rodday discussed how the drone model has serious security vulnerabilities that make it an easy target for a hacker who could be more than a mile away.
By simply using a laptop and connecting a cheap radio chip through USB, the hacker can easily exploit the telemetry box's lack of encryption. Once in the system, the hacker can reverse engineer the flight software, and impersonate the controller in order to manipulate the drone's navigation commands. Eventually, the intruder can block all incoming commands from the rightful operator of the drone.
With the vulnerability, Rodday said a hacker can easily inject packets and change waypoints. The hacker can also alter data on the flight computer and change the coming-home setting. Basically, a hacker can do everything that the original operator is doing.
He also revealed his findings to the drone's manufacturer. The unnamed company reportedly lent the security researcher the high-priced quadcopter for the purpose of testing the system as part of the non-disclosure agreement.
The security researcher hinted that the quadcopter he tested measures 3 feet wide and has about 40 minutes of flying time capacity. The model is usually deployed by fire and police departments, although other industries such as windmills, aerial photography and power line inspection also deploy the device.
Rodday explained that to hijack the controls of the drone, an attacker can exploit the Wi-Fi connection, which affects the modules and tablets used. In the same manner, hackers can manipulate the radio protocol, which can jeopardize the communication between the modules and the drone.
Attackers with really serious intent can even go as far as crashing the drones into people or into buildings. Worse, they can use the drones for stealing private information and then sell it on the black market.
While the drone in question can cost $30,000 to $35,000, Rodday said that an attacker needs hardware parts costing only $40 to set up a professional drone hacking system. He also warned authorities to be extra cautious, since the vulnerabilities can be present in a number of expensive and advanced drone models.