In the past, The Hacker News (THN) reported about various activities surrounding Drones. Whether it was the development of the first backdoor for drones (MalDrone), or Weaponized drones getting legal, or Drones hacking smartphones.
Security Researcher has showcased a method that can be used to hack and hijack Unmanned Aerial Vehicles (UAVs), more commonly known as DRONES.
- Input/Output Pins
- Multiple sensors onboard
- An accelerometer
- ArduPilotMega (APM) flight controller fitted on a drone he built himself.
- Mission Planner, a full-featured ground station application.
- Capturing, modifying, and injecting a data stream into a telemetry link connection over a serial port.
- Spoofing the connection to the ground station to take complete control of the interface.
The ground station application enables communication with the Drone, which allows the user to wirelessly control the vehicles in the real time.
Insecure Protocols Led to Installation of Malware
Also, Telemetry feeds for wireless remote data transmission, and monitoring of the vehicle could be intercepted and flight route of the Drone are shown a different path.
Researcher’s experiments only targeted drones that fly pre-programmed routes, UAVs specifically used in product delivery systems (such as mail, medical tests and food).
While discussing the cyber attacks on Drones, Petrovsky emphasized that those attacks are happening not because of actual vulnerability in the system, rather because there are design flaws in the UAV systems.
Further he added, “Securing the firmware on embedded UAV modules, using secure bootloaders, and implementing authentication and encryption mechanisms,” could be some points that…
…an attacker can bypass any security measures, as nothing can be completely secured; similarly “Drones don’t necessarily have to be unhackable the goal should be to make them difficult and expensive to hack.”
- How propellers of his Drone can easily shred a stack of papers even at half of the speed needed to take off from the ground.
- Attacks against bootloaders, which are often not locked to signed firmware.
Petrovsky presented his research at the Virus Bulletin conference in Prague.