Stories
Slash Boxes
Comments

SoylentNews is people

High-End Police Drone can be Hacked with $40 Worth of Equipment

posted by CoolHand on Friday March 04 2016, @12:22AM   Printer-friendly
from the super-secure-surveillance-ship dept.

takyon writes:

An unspecified €20,000 unmanned aerial vehicle used by Dutch police for surveillance can be hacked by sending commands using an 868 MHz link to the Xbee chip inside the drone:

A security researcher has reported finding a way to hijack a high-end drone, using parts costing as little as $40 (£29). The expert says it is possible to start the octocopter's engines, engage auto-takeoff, control its camera and, potentially, crash the machine. He will present his findings at the RSA security conference in San Francisco, and has published a thesis [auto-downloading PDF]. The drone's manufacturer has been informed. However, the researcher told Wired magazine there would be "no easy fix" to the problem, meaning units might have to be recalled for a hardware update.

Nils Rodday is currently a security consultant at IBM, but carried out his research at the Netherlands' University of Twente. His work focused on an unmanned aerial vehicle (UAV) used by the Dutch police force for surveillance. He said it cost about 20,000 euros ($21,700; £15,400).

[...] Mr Rodday focused on its use of a telemetry module fitted with an Xbee radio chip, made by the company Digi International.
The module converts wi-fi commands sent by a computer app into low frequency radio waves, which are then transmitted to another Xbee chip on the drone. This allows the operator to control it from a greater distance than would otherwise be possible. To achieve the hack, Mr Rodday required two Xbee chips of his own, among other low-cost components, as well as the use of a computer. The hack consisted of two parts:

  • Intercepting the initial wi-fi connection and displacing the legitimate user. Since the link was only protected by an encryption protocol with known vulnerabilities, Mr Rodday said he could crack it in little time
  • Transmitting his own commands to the drone's Xbee chip

The second step had been relatively easy, Mr Rodday said, because the drone-maker had opted not to make use of Xbee's built-in encryption features. The reason for this was that they would have extended the lag between the operator sending a command and the drone reacting.

Original Submission

 
This discussion has been archived. No new comments can be posted.
High-End Police Drone can be Hacked with $40 Worth of Equipment | Log In/Create an Account | Top | 6 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Gravis on Friday March 04 2016, @12:59AM

    by Gravis (4596) on Friday March 04 2016, @12:59AM (#313376)

    what the hell do the police need with a UAV?

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Friday March 04 2016, @01:16AM

    by Anonymous Coward on Friday March 04 2016, @01:16AM (#313379)

    When they need to follow that white SUV, it will be cheaper with a UAV than with a piloted helicopter.

    • (Score: 2) by bob_super on Friday March 04 2016, @01:56AM

      by bob_super (1357) on Friday March 04 2016, @01:56AM (#313385)

      Dutch police doesn't need to follow SUVs. They just wait until they get stuck somewhere not designed for their size.

      BRB, I need to get back to my net-launcher design. I smell money...