DIY Device Can Hijack Nearly Any Drone Mid-Flight
A researcher has developed a gadget that is capable of hijacking most drones mid-flight — locking the owner out and giving the attacker complete control over the device.
Jonathan Andersson, a manager at Trend Micro’s TippingPoint DVLab, showed off his findings at the PacSec Security conference on Wednesday.
Andersson calls his gadget Icarus, and it isn’t available to buy — but it’s theoretically replicable by others. It has some pretty obvious benefits to law enforcement, and people trying to protect their property. Pesky drone flying around? Just hijack it and land it safely. But on the flipside, it could also be used for more nefarious purposes.
There are already jamming devices out there that block controlling radio signals, rendering a drone useless. But they don’t give the attacker control like Icarus does. It works by exploiting DMSx, the radio signal protocol that most remote-controlled consumer drones on the market use — letting the hijacker take the reins.
“The shared secret (‘secret’ used loosely as it is not encrypted) exchanged is easily reconstructed long after the binding process is complete by observing the protocol and using a couple of brute-force techniques.” “Further, there is a timing attack vulnerability wherein I synchronize to the target radio’s transmissions and transmit a malicious control packet ahead of the target, and the receiver accepts my control information and rejects the targets.”
Concerningly, it’s not clear whether this is an issue that could ever be fixed or patched. “My guess is that it will not be easy to completely remedy the situation … The manufacturers and partners in the ecosystem sell standalone radio transmitters, models of all kinds, [and] transmitters that come with models and standalone receivers. Only a certain set of standalone transmitters have a firmware upgrade capability, though the fix is needed on the model/receiver side.”
And DSMx isn’t just used in drones — meaning other radio-controlled products will also be vulnerable. “It works against all DSMx based radio systems, which would include drones, airplanes, cars, boats, and so on.”
Here’s an online tutorial to build your own Raspberry Pi Drone Hijack Toolkit