UPDATED 05:09 EST / OCTOBER 31 2016

NEWS

New device can hijack consumer drones using widespread vulnerability

A new device revealed at a security conference in Japan last week can hijack consumer drones, by exploiting a vulnerability in the frequency-hopping systems used to protect radio communications between an operator and the drone itself.

The “Icarus” device, a form of radio transmitter, was designed by a researcher at security software maker Trend Micro Inc. to demonstrate that it could be done, and that drone manufacturers need to do more in relation to security. According to Ars Technica, the device can take command of a nearby drone in mid-flight, completely removing all control from the original operator.

The hack works against drones that use DSMx, an advanced form of digital spread modulation whereby the frequency of communications between the remote control and the device changes thousands of times per second so as to avoid interference. Icarus works by finding the unique shared secret key within the communications between the operator and device by observing the protocol and by using brute force.

“It’s not a jamming system so I am not competing for control via RF power,” Jonathan Andersson from Trend Micro told The Register. “Full flight control is achieved with the target experiencing a complete loss of control — it’s a clean switch-over. The range of my proof of concept implementation is equal to a standard DSMx radio transmitter, though standard 2.4GHz ISM band amplification can be applied to extend the range.”

Federal regulators have been keen on making sure drone operators can be identified, including compulsory pilot registration and markings on a given drone so it can be traced back to its owner. That’s ostensibly so an owner of a drone that accidentally or intentionally causes damage or flies into restricted airspace can be identified, but what happens if that drone is hijacked in flight by a third party for nefarious purposes?

While the device is not commercially available, now that it is known that the vulnerability exists, hackers will without question look to replicate it.

Image credit: thespeakernews/Flickr/CC by 2.0

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU