This guy claims he can hijack San Francisco’s $35,000 police drones from a mile away

By Lulu Chang March 2, 2016

hacker claims ability to hijack police drones drone

Think drones are scary? Then you might not like the notion of hackable $35,000 police drones flying in your airspace. Unfortunately, that notion is something of a reality — at least according to one hacker who says he’s capable of commandeering a very expensive, very high-tech quadcopter from over a mile away.

On Wednesday’s RSA security conference in San Francisco, security researcher Nils Rodday revealed a number of rather alarming flaws in the city’s advanced, police-grade unmanned aerial vehicles (UAVs) that make it possible for him “to take full control over the quadcopter with just a laptop and a cheap radio chip connected via USB.” Due to the absence of any sort of encryption technology between the drone and its controller (called a “telemetry box,”), taking over one of these UAVs isn’t a particularly complicated process. In fact, if you’re able to reverse engineer the flight software, you’re able to completely hijack the quadcopter, sending your own controls while blocking all signals from the legitimate operator.

Related Videos

“You can inject packets and alter waypoints, change data on the flight computer, set a different coming home position,” Rodday says. “Everything the original operator can do, you can do as well.”

So what’s leading to this massive security flaw? Rodday has narrowed it down to two primary culprits — the weak “WEP” or “wired-equivalent privacy” encryption used to connect the telemetry module and a user’s tablet, and even worse, the incredibly insecure encryption (or lack thereof) that connects the telemetry model to the UAV itself.

Rodday, who now works at IBM, has since informed drone manufacturers to the breaches he’s uncovered, and tells Wired that the company plans to address the issue when it updates its line of drones. But that means that the UAVs already on the market are fair game for hacking, and from quite a distance at that.

This is by no means the first time that the security of such drones has been called into question. A few years ago in 2013, Samy Kamkar, a hacker in his own right, showed how his homemade Raspberry Pi equipped drone could be used to hack into other drones mid-flight. The vast majority of the problems he discovered, he said, were contingent on insecure Wi-Fi connections. “It’s all the same story: really poor authentication or no authentication,” Kamkar told Wired.

So before drones can be used by police, they need to be secured. Because nothing could be worse than a gun-equipped UAV that has been taken over by malicious hackers.

Editors' Recommendations

Topics

Emerging Tech

Pro pilots can now get a 6-mile reach from the Inspire 2 and Matrice 200 drones

dji announces cendence controller and accessories tracktenna 4

DJI users no longer need to use a separate touchscreen device to program their photo settings. On Sunday, April 23, DJI announced the Cendence remote control, a custom-configurable control that allows users to program flight controls as well as camera settings such as ISO and shutter speed. Along with the new controller, the company also announced several other pro-level accessories, including a new high-gain antenna with a range of over six miles, a new series of monitors, and an extended customer service plan ahead of the NAB Show being held from April 24 to April 27 in Las Vegas.

The Cendence is the company’s first multi-platform configurable controller, designed for the Inspire 2 but compatible with DJI’s other pro-level Matrice 2 drones as well. The configurable settings gives drone pilots access to joysticks and control dials to control the drone as well as camera settings, including focus, ISO, shutter speed, and sharpness. The dual dials can also control the pitch and yaw for the drone’s gimbal simultaneously.

Photography

For $75,000, you can get the world’s first broadcast-quality 6K VR drone

flying eye 6k vr drone screen shot 2017 04 16 at 9 35 28 am

This isn't your average drone. Meet the Flying Eye from 360 Designs, heralded as the world's first broadcast-quality 6K VR drone. Capable of streaming live, 6K, 360-degree video over a range of five miles, this may just be the most advanced live-streaming drone on the market.

Much of the Flying Eye's magic depends upon a custom wireless transmission system known as Breeze developed exclusively by 360 Designs. Thanks to this high-tech system, live VR streams can be shared just about anywhere in the world via YouTube, Facebook, or VR headsets, and all in high quality. You'll have a literal sense of what it means to get a bird's eye view of things as you virtually hover over your favorite football stadium, music venue, and more.

Emerging Tech

Watch this guy use a drone to rescue a drone, then drop it from a great height

drones faa refund registration fee flying drone

So your buddy accidentally crashes his quadcopter onto the roof of a tall building. He could probably go and ask the building owner for permission to grab it, but the thought of a rescue attempt using your own bird is a wee bit more exciting.

This is the situation recently faced by a couple of drone enthusiasts in Detroit. YouTuber "Random Axe" filmed the daring rescue effort, though it didn't quite go according to plan.