Home » Topics » Cybersecurity » Hacker easily hijacks police quadcopter from 2km away

Hacker easily hijacks police quadcopter from 2km away

Avatar photoby Ben Rossi

A researcher has demonstrated how easy it is to steal a $28,000 professional law enforcement drone in seconds using $40 worth of kit, from up to two kilometeres away.

IBM researcher Nils Rodday showed how he could hijack the police quadcopter using the drone's radio connection and a basic knowledge of radio communications, relying on the drone's weak encryption.

At the Black Hat Asia hacking conference, Rodday explained how a flaw gave him the ability to crack into the drone's controller module, known as its telemetry box, by breaking into a user's tablet with easy to crack WEP (Wired-Equivalent Privacy) encryption, and connecting his own tablet.

> See also: Rise of the drones: re-engineering the supply chain for the UK's drone future

He could then exploit the onboard chips used for communication between that telemetry module and the drone, to intercept the device from 2km away. These chips, which are commonly used in all kinds of UAVs (Unmanned Aerial Vehicles) for law enforcement and government, don't include any encryption in order to avoid latency.

This potentially leaves drones open to 'Man in the Middle' attacks where an attacker could pretend to be the software commanding the drone, instead injecting their own navigational controls and blocking commands from the real operator.

At the conference, Rodday could not provide details on the specific drone model he had tested because he had signed a non-disclosure agreement with its manufacturer, but it is one of the higher-end models that are being used today by many professionals in industry and government.

'Rodday's research proves that there are critical issues with what's likely the most expensive drone yet, as well as one that is used for more serious purposes than high-altitude selfies, which needs to be considered seriously,' wrote security analyst Swati Khandelwal at The Hacker News.

It's not the first time drones have been shown to be easily hacked in mid-air. Last January, Indian security researcher Rahul Sasi was able to show how a consumer drone could be disabled in mid-flight by injecting it with malware.

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Hardware

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise