No Need to Shoot Down Nuisance Drones – Hack Them Instead

/ 7 years ago

No Need to Shoot down Nuisance Drones – Hack Them Instead

The proliferation of consumer drones in the last decade has been a boon for remote-control flying enthusiasts and filmmakers, but not so much for public servants – like police and fire services – not to mention normal people, either concerned for their privacy or just annoyed over the flying devices invading their personal space. In the US, at least, an increasingly common response to nuisance drones is to shoot them out of the sky. New work, undertaken by researchers, though, reveals that there may be a more effective (and more insidious) method of dealing with problem drones: hacking them.

Developed by PacSec Security, the drone hijacker is a radio transmitter that can seize control of any operational drone, even in mid-flight. Once the hijacking device takes control of a drone, the original operator loses all control over it. The hijacking device, which is capable of controlling any drone that communicates over DSMx, was presented by researcher Jonathan Andersson at the PacSec hacking conference in Japan on Wednesday (26th October).

“It’s not a jamming system so I am not competing for control via RF power,” Andersson told Vulture South (via The Register). “Full flight control is achieved with the target experiencing a complete loss of control — it’s a clean switch-over. The range of my proof of concept implementation is equal to a standard DSMx radio transmitter, though standard 2.4GHz ISM band amplification can be applied to extend the range.”

“In the defense and security world, there are people who have done this,” Robi Sen, the founder of counter-drone product maker Department 13, told Ars Technica. “There are also a few hackers who have done this but have not made their research public. To my knowledge, this is the first time that this has all been presented, in a complete package, publicly.”

In addition to drones, vulnerable DSMx-based systems include RC aeroplanes, cars, and boats. While the vulnerability could be remedied by updating the firmware of DSMx receivers, the majority of devices are unable to be accessed in such a manner by users since they are lacking in Wi-Fi or other internet and data transfer connectivity.


“The shared secret (‘secret’ used loosely as it is not encrypted) exchanged is easily reconstructed long after the binding process is complete by observing the protocol and using a couple of brute-force techniques,” Andersson wrote in an e-mail to Ars Technica. “Further, there is a timing attack vulnerability wherein I synchronize to the target radio’s transmissions and transmit a malicious control packet ahead of the target, and the receiver accepts my control information and rejects the target’s.”

“My guess is that it will not be easy to completely remedy the situation,” Andersson added. “The manufacturers and partners in the ecosystem sell standalone radio transmitters, models of all kinds, [and] transmitters that come with models and standalone receivers. Only a certain set of standalone transmitters have a firmware upgrade capability, though the fix is needed on the model/receiver side.”

Topics: , , ,


By supporting eTeknix, you help us grow and continue to bring you the latest newsreviews, and competitions. Follow us on FacebookTwitter and Instagram to keep up with the latest technology news, reviews and more. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!

Looking for more exciting features on the latest technology? Check out our What We Know So Far section or our Fun Reads for some interesting original features.

eTeknix Facebook eTeknix Twitter eTeknix Instagram eTeknix Instagram
  • Be Social With eTeknix

    Facebook Twitter YouTube Instagram Reddit RSS Discord Patreon TikTok Twitch
  • Features

Send this to a friend