Hacker proves drone insecurities real

Mar 03, 2016, 3:07 PM EST
Source: Andrew Turner/flickr

On Wednesday at the RSA conference in San Francisco, security researcher Nils Rodday illustrated just how real drone vulnerabilities are. Rodday is an IT security consultant with IBM Germany, and reports say that he conducted his drone research as a graduate student at the University of Twente in the Netherlands and the University of Trento in Italy. Having published his findings in a project called “Exploring Security Vulnerabilities of Unmanned Aerial Vehicles”, Rodday showed how flaws in the radio connection of a $35,000 police drone leave the device open to hackers who might be located more than one mile away.

Rodday performed this hack to show how it is possible to gain access to the drone by exploiting a lack of encryption between the drone and its telemetry box. Wired explains: “[…] any hacker who’s able to reverse engineer the drone’s flight software can impersonate that controller to send navigation commands, meanwhile blocking all commands from the drone’s legitimate operator.”

Wired also quotes Rodday: “You can inject packets and alter waypoints, change data on the flight computer, set a different coming home position. Everything the original operator can do, you can do as well.”

This demonstration reinforces many of the fears security experts have voiced about the explosion of drones onto both the commercial and state-based scenes. Yet the technology is here to stay -- Amazon is fleshing out its plans for its drone delivery system, general users continue to purchase drones in droves, and many lawmakers view drones as an enormous boon for police and other law enforcement agencies. In fact, police use of drone tech is expanding on an international level, with law enforcement in countries from Japan to Kazakhstan considering ways to use drones.

While many countries have no choice but to examine how to integrate drones into national and international airspaces, security concerns must be addressed in tandem. Rodday points out that flaws are not necessarily found in drones themselves, but in the insecure radio protocols on which they operate. There is clearly much left to do on both the hardware side and the networking side of drone manufacturing and operation before any such device can be considered secure. The security concerns, as Rodday points out, are not to be underestimated.