Security researcher Nils Rodday revealed how flaws in the security of a $30,000 to $35,000 drone’s radio connection allow him to take full control over the quadcopter with just a laptop and a cheap radio chip connected via USB, reported Wired. By exploiting a lack of encryption between the drone and its controller module known as a “telemetry box,” any hacker who’s able to reverse engineer the drone’s flight software can impersonate that controller to send navigation commands, meanwhile blocking all commands from the drone’s legitimate operator, Wired said. “You can inject packets and alter waypoints, change data on the flight computer, set a different coming home position,” Rodday said. “Everything the original operator can do, you can do as well.”
Rodday, who now works at IBM but conducted his drone research while working as a graduate researcher at the University of Twente in the Netherlands, won’t reveal the specific drone he tested or who sells it. The unnamed aerial vehicle manufacturer had him sign a non-disclosure agreement in return for loaning him the pricey quadcopter for testing. He hinted, however, that the three-foot-wide quadcopter has a flying time of around 40 minutes and has been deployed by police and fire departments, though it’s also marketed for industrial applications such as inspecting power lines and windmills, and for aerial photography.
Rodday said he’s alerted the drone’s manufacturer to the security flaws he’s found, and the company plans to fix the issue in the next version of the quadcopter that it sells. But there’s no easy fix for the UAVs already in customers’ hands, Rodday said. The quadcopters aren’t connected to the Internet, so they can’t download a security update. Even if the company did release new firmware that could be downloaded to a PC or tablet and installed on the flying machines to enable the encryption on the drones’ XBee radio chips, Rodday said that the update would slow down the drone’s responsiveness to commands, which the quadcopter’s manufacturer may be reluctant to accept.
Instead, he said that enabling encryption without adding latency would require adding another chip dedicated specifically to those security functions. “A patch over the internet isn’t sufficient,” said Ricardo Schmidt, Rodday’s former advisor at the University of Twente. “The product needs to be recalled.”