Can Drones Be Hacked? Ways, Tips, History

Can Drones Be Hacked? Ways, Tips, History Drone News
Can Drones Be Hacked Ways, Tips, History

There are more and more drones (quadrocopters) in the sky, and they are gradually “getting smarter”, and progressively more functional. Drones of this types are not only enjoyment, but they help sportsmen, photographers, scientists and, of course , attackers of most kinds. With the help of drones, unauthorized surveillance of individuals, industrial and other items is often carried out. There are companies that began to create protective machines against drones, allowing you to land the device or seize control over it. We can say that drone manufacturers are also looking to protect their gadgets from interception. However , this is simply not so easy, especially if the actual experts in their industry address the issue.

So Can Drones Be Hacked? Yes, drones can be hacked very easily today, which means the „attacker“ can take control over your drone in just a few seconds. Some of the strategies that can be used to compromise a drone are usually: GPS-spoofing, vulnerability of the mobile applications, by WiFi transmitter, by electron guns and so on.

In the market appeared details that the research group has created a system which allows you to seize control over almost any drone. Furthermore, this does not require an electromagnetic gun, the permission of the authorities or another thing. It is enough to utilize a specially modified control panel. Specifically, this type of compromise allows you to take control of rhyme with any marketing communications protocol DSMX. This particular protocol is used not just for data exchange with drone, but it is also used for dealing with radio-controlled cars, boats, helicopters, etc .

This method proposed simply by experts, allows you not only to intercept manage, but also to form a “ digital fingerprint”, unique for each device. This particular fingerprint can be used to differentiate “one’ s” device from “another’ s” and form a list of trusted systems. The technology does not involve the use of a jammer that blocks communication between your drone and the device. Instead, a complete control interception is utilized while maintaining the functionality of another’ t drone.

This process is not something new. It is often used by some cybercriminals and information security experts for a fairly long time, without producing the method widely known. In the conference, this method was first discussed, providing a nearly complete technical description. So , to intercept control over an unfamiliar drone, Anderssen uses a time attack (timing attack), synchronizing the frequency of the transmission device emitter with the frequency of the drone’ beds radio module within automatic mode. Following that, a malicious packet is sent to the particular drone, which pushes the alien gadget to ignore instructions from the “ native” controller and start listening to commands from the attacker’ s controller.

Treadmill Hacking Using Attacker’s Controller

It is clear that now devices such as what Andersson demonstrated are not well known towards the general public. But a radio technician can certainly create such a device, knowing the features of the communication protocol between the drone and the control. Perhaps after this demonstration there will be companies and individual craftsmen who will sell controllers meant for intercepting other people’ s drones. According to experts, there is nothing especially complicated about this. The vulnerability that clears the ability to control various other people’ s gadgets is contained in the systems of almost all radio-controlled devices that assistance the DSMx protocol.

Of course , this method can be used not only by attackers. Law enforcers, noticing a violation by a radio-controlled gadget, can also use this solution to intercept an burglar. The owners of any property (houses, land, etc . ) can do the same, getting control of a drone or drones that will invade other people’ s property. According to Andersson, it is out of the question to solve the situation with interception of drones right now – this vulnerability is relevant for several models of radio-controlled products. Their manufacturers will not be able to quickly replace the protocol or type of radio-controlled module that is installed in the device. The solution may be the release of such segments, the firmware of which can be updated. But it is both costly and long.

Experts also argue that time attack demonstrated by Anderssen affects all modern radio-controlled systems. To carry out such an assault, you need a little information about the device of radio-controlled devices and protocols that are used to transfer data over a wi-fi network, as well as electronic components worth about $ 100. The most interesting thing is that the second attacker can use a similar system to crack the first, which usually, in turn, took control over someone else’ ersus drone.

Can Drones Be Hacked Ways and Tips

Another type of hack is used, based on the vulnerability of Xbee chips. They are set up in a large number of different models of radio-controlled gadgets. Chip data encryption is supported, but in many cases, programmers disable it. For this reason an attacker may crack a rhyme with such a chip from a distance of several kilometers. The only method to protect, according to the writer of this method of hacking, is to use data encryption.

Making use of Electron Guns to Hack Drones

A simpler way of influencing the rhyme is an electron weapon. Batelle has already made several such products. The most effective can be called a gun DroneDefender. With its help, you can make a radio silence area around the drone. The gun generates a powerful radio signal that interrupts the signal from the drone. In addition , GPS or GLONASS positioning can be violated.

Electron Gun to Hack Drones
Electron Gun for Hacking Drones

In 2016, the few company introduced the “radio gun”, which also creates powerful interference across the entire radio spectrum around the drone. The difference between the gun and DroneDefender is the ability to determine the type of signal transmitted by the drone, creating interference only for the used radio frequency. A gun can even transmit commands, including “ home” and “ land. ” Teams are suitable for a large number of drone models. Perhaps the most unusual way to neutralize a drone is to “hunt” a drone using another drone and a network. A “cop” drone carries a network that is thrown at an intruder drone. In case of a successful maneuver, the intruder can be neutralized.

Drone Takeover Completed in 11 milliseconds

A researcher specializing in computer security has developed a box capable of intercepting the connection between a drone and its radio remote control to allow control of it in flight. Now drones are used in various situations, but security experts have revealed drone vulnerabilities. In just 11 milliseconds, an expensive drone could be hijacked. Recently drones are used everywhere. Amazon uses a drone to deliver items. Filmmakers and the media flew the camera on the sky to shoot an attractive bird’ s-eye view. Cyber ​​enthusiasts who are willing to pay more than $500 for smart toys enjoy sky exploration and aerial photography. But what if for some reason the controller stops functioning in the middle of the air?

It is not a firmware bug, neither is it a controller failure. The drone was hijacked. Security expert Jonathan Andersson proved at the Security Analyst Summit that a skilled person can create a device that may take over a drone in a matter of seconds . He created takeover devices using software-defined radio (SDR), drone controllers, microcomputers, along with other electronic devices. This device was named Icarus. Mr. Anderson used SDR to find the signal transmission method through learning from mistakes according to the communication frequency between the drone and the controller.

After all, the frequency changes one after another every 11 milliseconds. Once you are successful, the path to dominate the drone is clear. All smart toy developers work with a similar protocol. Consequently, the drone’ s legitimate controller cannot be used, and the hijacker controller takes control in no time. This threat can affect the entire drone industry, from cheap toys to expensive and professional drones. This is because drones and controllers use data transfer protocols that are vulnerable to similar attacks. This is a problem that can be solved by changing to strong cryptography, but since many controllers do not support software updates, it will likely be difficult in practice. In addition , strong cryptography requires significant computing power, which increases controller and drone power consumption.

Icarus, the case where you can hack any drone in full flight

Way to Hack a Drone In Less Than 1 Sec
On the left, the target of the attack remote ( target ) that controls the drone. On the right, the remote control linked to the Icarus box that attacks the DSMx communication protocol and takes get a handle on of the device

Many Drones Use the DSMx Protocol

Icarus exploits a second flaw through which data packets for the takeover just take precedence over those of the original handy remote control. As can be seen in this demonstration video posted on YouTube, when the hijacking is operational, only the handheld remote control associated with the hacking box is active. In addition , the operation can be performed while the aircraft is in full flight.

Many technical solutions are being studied in order to put a drone out of service without reaching such extremes. It can include utilizing a jammer (or  jammer ) or sending another drone with a net to capture it. In holland, police have even successfully tested the usage of an eagle to capture drones. The Icarus solution has the advantage of having the ability to control the machine with no risk of damaging it or injuring somebody by causing an accident. The downside, this revolutionary product could also make the happiness of malicious people.

What is a Drone Jack?

Whenever a plane is hijacked by a terrorist group, you don’ t know where to go and what dangers will occur. Also, when a computer is taken over by a cyber attack, it shows various behaviors which have nothing to do with your will. Recently, drones (UAVs) that fly on the air are rapidly spreading and are not only enjoyed as a spare time activity but also used in various places such as delivery and media photography. But what happens in case a drone is bought out? Let’ s have a look at this “Drone Jack“.

„Drone Jack“ is a phenomenon where the drone you are operating suddenly becomes uncontrollable by yourself, whether it is a spare time activity or work, and you are taken over by someone else’ s control. How does the drone jack, which exploits cyber attacks including unauthorized access, work? To explain in simple terms, drone jacks are performed as follows. Decrypt communication between drone and controller. Send a fake command to a drone on a computer with a transmitter. In several drones, it is said that we now have many cases where communication with the controller is not encrypted or only a mechanism that can easily break through is implemented. In such a state, it is said that it is relatively easy to test unauthorized access.

Drone Jack Attack Case

Venezuela (August 2018)

The foremost is a case in Venezuela that occurred in 2018. This is that the country’ s President Maduro was about to be assassinated by a drone carrying explosives during a ceremony in the capital. In this case, it is said that two drones were used.

Japan (April 2015)

In Japan, an example of 2015 was a drone falling on the roof of the prime minister’ s official residence. Although it has been reported that the aircraft was marked with radiation marks and smoke cylinders, it absolutely was not particularly dangerous.

Police Drone Hacked With $40 Equipment

Police Drone Hacked With $40 Equipment

The researchers discovered two vulnerabilities that made hijacking of drones even possible. Firstly, very weak encryption is used for Wi-Fi communication between the drone control module and the operator’s device: it has long been known that WEP can be opened in seconds. This weakness can be exploited at a distance of 100 meters from the drone. That is, the attacker can infiltrate the connection between the drone and its operator, send a malicious command to the UAV and simply disconnect it from the home network.

Secondly, the Xbee chip, which can be used by many UAV models, is unsafe. Although Xbee supports encryption, due to performance issues, so that you can find no delays between the operator’s commands and the drone’s response, it’s completely disabled. Thanks to this, an attacker can execute a man-in-the-middle attack, being at a distance of two kilometers from the drone.

“An attacker can redirect packets, block the [real] operator, or simply pass all packets through himself, but I do believe most attackers would simply steal a drone, ” the researcher said.

You can protect yourself from hijacking or hacking a drone, according to Roddy. To do this, it is enough to make sure that all communications between the aircraft and the operator’s application are securely encrypted.

Hisotry of Hacking Drone Incidents

It is very strange that at hacker conferences there were one and a half speeches on hacking drones.
I fussed around and made a selection of all available hacking cases. Both military and civilian.

Some facts:

  • Today, significantly more than 70 countries produce unmanned aerial vehicles (drones) for the wants of the army, police, the Ministry of Emergencies, etc .
  • 127, 000 drones soldon eBay from March 2014 to February 2015
  • The warrior now has about 20, 000 drones
  • 10 real and 2 invented cases of drone hacking.

2009

Location: Iraq, Afghanistan
Model: Predator unmanned aircraft (US $ 4. 03 million, 2010)
Burglar: Iraqi hackers
Vulnerability: data transmission channel from UAVs to the receiver

First time the US military in Iraq faced video capture in 2008, when a rebel was taken prisoner, on whose laptop were stored pictures obtained from American drones. In summer time of 2009, computers were also discovered with several hours of video recordings from UAVs.

According to the newspaper, citing data from senior military officials and intelligence officials, the rebels used unprotected communication channels with UAVs for video capture. At the same time, they used software such as, for example , SkyGrabber, which can be bought over the Internet for only $ 25. 95. SkyGrabber, according to the description of the Russian manufacturer SkySoftware, “ receives and processes the traffic transmitted from the satellite, extracts files from it and saves them to your hard drive in accordance with the configured filters. ”

2011

Location : Iran
Model : RQ-170 Sentinel
Cracker : Persian specialists
Vulnerability : GPS-spoofing

Iran presented to the media a press release that spoke about the successful interception of an American unmanned aerial vehicle such as the RQ-170 Sentinel. Among other versions of the interception of the device, there clearly was one that related to the usage of special electronics, which drowned out the GPS satellite signal and replaced it with its own. Due to these actions, the drone automatically, guided by the world wide navigation system, started to return home. Considering that the true signal of the satellites was drowned out by a false one, the RQ-170 sat on the Iranian airfield, taking it because of its “ native” one. However , this is merely a version, although quite plausible. The first reports of this method of interception came soon after the publication of the press release and they were made with reference to a specific Iranian engineer, Iranians are constantly trolling Americans. First, they wanted to massively sell toy RQ-170 Sentinel at a scale of 1: 80, and in 2014 they saw a full-size copy of an article on Habr with a discussion of the possibility of hacking the Global positioning system unit RQ-170

2012

Location : Moscow, PHD
Model : AR. Drone
Burglar : Sergey Azovskov aka LAST_G
Vulnerability : vulnerability of a mobile application

According to the competition, the organizers launched a miniature aircraft controlled from a smartphone via a Wi-Fi network. Participants were invited to connect to the drone using their own programming knowledge, to deprive the organizers of the ability to get a handle on the device and switch control to their smartphone. According to Azovskov, the method of depriving the organizers of the rights to control the drone did not cause serious difficulties.

2013

Model: AR. Drone
Burglar: Samy Kamkar
Method: Aircrack-ng , Raspberry Pi installed on the drone, WiFi transmitter and receiver:

Kamkar said he used the Aircrack-ng utility to break in to a wireless network, and quadrocopters the network was able to detect because of the features of their MAC address. All quadrocopters of this type have the same type of address, which makes it possible to tell apart them from other wireless devices. SkyJack monitors the MAC addresses of Wi-Fi networks in the signal coverage area, and then blocks them using its drone and disconnects the device that it was controlled from the iOS or Android device. From then on, the hacker can control the direction, speed and altitude of the drone, as well as receive images from cameras.

2014

Location: United States
Drones: Parrot AR. Drone and DJI Phantom
Hackers: Hack5 YouTube Channel Leaders
Method: WiFi Pineapple

WiFi Pineapple is just a product of enterprising Americans who ordered a Wi-Fi router with two wireless interfaces and one wired from the Chinese, wrote firmware because of it based on OpenWRT and stuffed it with utilities for hacking / intercepting and analyzing traffic. The presenters fastened the WiFi Pineapple to the DJI Phantom and then chased the AR. Drone and knocked it out.

2015

Cracker: Rahul Sasi
Target: Parrot AR. Drone 2 . 0 and DJI Phantom
Vulnerability: ARM Linux

Sashi applied reverse engineering to the proprietary AR Drone program. elf Researcher claims that a “combined” attack using Maldrone and Skyjack will allow to intercept multiple targets and thus create a whole squadron of zombie drones. Given the growing interest in civilian UAVs from corporations such as DHL and Amazon, the picture is truly sinister. Additionally , using Maldrone, an attacker can not only hijack the drones themselves, but also spy through the built-in cameras, intercepting video traffic from the attacked devices.

“After my malware attacks the controllers, the engines stop and the drone starts to fall down with a brick, ” the researcher explains. “However, the backdoor instantly takes get a handle on, and if the height is really big, there is certainly enough time to avoid a fall. ”

Conclusion

As we is able to see drone hacking is not a problem for today technology. There are devices that can take control of a drone in just a couple of seconds. Therefore , there is still plenty of space to work on to make drones safer. I also described some of the most important historical events where drones were hacked and used for malicious purposes. If you would like to comment on this topic or add something of your own, feel absolve to leave a comment below.

Rate article
Summer Of Drones
Add a comment