cooper Posted April 7, 2014 Share Posted April 7, 2014 According to this article some guy was filming a triathlon event using a drone when, according to the drone operator, it was taken over and flown into the back of the head of one of the athletes. How viable are such attacks? Is the communication channel between the drone and the ground station as open as is suggested here? I can imagine the cheap ones to be limited in that regard, but if you want to get any kind of flying time out of one it tends to hardly qualify as cheap anymore in my book. Thoughts? Quote Link to comment Share on other sites More sharing options...
digininja Posted April 7, 2014 Share Posted April 7, 2014 Depending on the type of drone it can be fairly easy, see this for more info http://samy.pl/skyjack/ Quote Link to comment Share on other sites More sharing options...
madhak Posted April 7, 2014 Share Posted April 7, 2014 Very very unlikely on a large drone. small one you can buy at the store use wifi so these are easy to hack but the large one or even small hobby grade one, not the toy you buy at the store, are very difficult to crack because they all use spread specrum, encoding and pairing handshake that occur only at boot. Hobby and commercial grade drone don't use wifi, toy grade one does, there's many protocol used other than wifi: - a common one is DSSS, DSM. like bluetooth its spread spectrum on the 2.4 band so a ubertooth could be able to crack it although its not an easy task. - UHF are getting increasingly popular due to their long distance capability and opensource parts available, I personally use OpenLRSng which is kick ass btw, fully encrypted, spread spectrum. no way to easily hack that although I came up with a scheme where it would be possible to hijack handshake at boot time but that would mean the pilot would never had control and would have noticed it. - Synthesized AM, pseudo coded, spread spectrum, require a DX in the 70MHz band to do anything meaningful but it would be possible to hijack this one... Finally, regardless if a hacker can crack the communication channel, a crash would be likely and unlikely at the same time, large drone have failsafe and autopilot system, it will take over control if the com channel become erratic. small one would fall like a brick if you were to send a value out of range... My drone use custom hardware between the flight controller and receiver which mean a hacker would need to know how the data translate or he would send unrecognized command and the flight controller would enter failsafe or autopilot mode. I suspect a hacker group would target DJI flight controller as they are the most popular one on both large and small scale hobby and commercial grade platform. I have moved away from these as they are expensive and not open source and there is a conspiracy theory that they release firmware with bug to make you crash so they can sell you parts lol For a large drone with an auto pilot to fall like a brick it would require a motor or power failure, many operator doesn't know their machine well enough to diagnose early sign of failure, the guy said he never crashed in a year, most part on these drone need frequent replacement. I think the guy is simple trying to find a way to not go to jail and blame a hacker instead of taking responsibility. These thing are very dangerous and should not be flown near crowded area at all. Also lot of people assume because they have ore than 4 motor, they have redundancy which is not exactly true, it depend of your flight controler firmware and how much load you carry. Source: I'm a drone pilot since 3 years, I have 7 multirotor drone, large and small one madfpv.com fpvquebec.com basement-rc.com Quote Link to comment Share on other sites More sharing options...
cooper Posted April 7, 2014 Author Share Posted April 7, 2014 Nice! :D Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted April 7, 2014 Share Posted April 7, 2014 Like others have said and even us and Sammy have demonstrated, the consumer grade WiFi stuff is (purposefully) hackable. On the proprietary side even the toys like the Hubsan X4 series use a very basic 12 bit binding sequence. It's easy to have 1 TX takeover another *at RX boot* but once shes airborne there's it's unlikely to switch to another transmitter without a mid flight reboot. We're working on an upcoming drone series (ofc including the pineapple) and will be using DSM2. I haven't seen any hacks for this protocol (though would love to). Quote Link to comment Share on other sites More sharing options...
cooper Posted April 8, 2014 Author Share Posted April 8, 2014 (edited) I haven't seen any hacks for this protocol (though would love to). Start reading here Or here where someone's making his own controller, capable of talking to various drone types - C code is included. Edited April 8, 2014 by Cooper Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.