April 19, 2017

Drone gone in 11 milliseconds


Drones are everywhere nowadays. Amazon delivers packages by drone. Filmmakers and media workers launch cameras into the air to take attractive wide shots. Some enthusiasts who don’t mind paying $500 or more for a smart toy use drones to explore the sky or take video of friends’ weddings.

Drone gone in 11 milliseconds

It’s easy to picture yourself outside with your new $500 drone, launching it into the air and … watching helplessly as the craft flies out of sight, ignoring the controller in your hands.

This is no firmware bug or controller failure: Your drone has been hijacked. At the Security Analyst Summit, security expert Jonathan Andersson proved that a skilled malefactor can make a device that can hijack drones in mere seconds.

Andersson used a software-defined radio (SDR), a drone’s control unit, a microcomputer, and some other electronic equipment to make such a device. He called it Icarus. With the help of the SDR, Andersson tuned to the frequency a drone uses to communicate with its controller, and then he experimented until he found how exactly the signals were transmitted between the devices.

It took a while for Andersson to learn how data transfer works between a drone and its control unit, especially because they hop channels every 11 milliseconds. Nevertheless, if you can do it once, the path to hijacking a drone becomes clear; developers of the smart toys all use similar protocols.

Developers follow the popular security through obscurity method, counting on the complexity of protocols and neglecting strong encryption. Icarus can hack their primitive encryption and send a series of commands to hijack a craft during the 11 milliseconds a device waits before hopping channels.

As a result, the drone’s legitimate controller becomes useless and control goes to the malicious one — literally on the fly. The next video shows how it works in the real world.

Andersson explained that this threat can potentially influence the whole drone industry — from cheap toys to expensive, professional craft — because drones and controller units use data transfer protocols that are vulnerable to the same type of attack.

Stronger encryption could fix the problem, but it’s not that easy — many controllers do not support software updates. Moreover, strong encryption requires substantial computation capacity, which leads to additional energy consumption by the controller and the aircraft. The power problem really complicates the situation: When it comes to drones, every ounce and watt-hour is valuable.

We’d like to believe that developers will solve this problems in the very near future. It’s sad to wave goodbye to a hijacked drone! Filmmakers will be even more sad: Their drones cost thousands and even tens of thousands of dollars — and they’re just as easy to hack.