The diffusion of drones is alerting government and authorities, small Unmanned Aerial Vehicles (UAVs) are used more frequently in different sectors.
The security of drones in both military and commercial uses is crucial, these flexible vehicles could be turned in war machines and abused by threat actors to compromise a target.
The White House gets drone defense wake-up call after that a quadcopter drone crashed onto the White House grounds, highlighting the growing security threat posed by small Unmanned Aerial Vehicles (UAVs). While Amazon announces the use of drones for commercial activities and Russian Army announces the expansion of its aerial fleet with a new generation of Corsair reconnaissance drones as early as the end of 2016, the security researcher Rahul Sasi (@fb1h2s) has discovered and exploited a backdoor in the Parrot AR Drones manufactured by a French-based company.
The news is disconcerting, a threat actor could exploit the backdoor to remotely control a flying quadcopter helicopter. The Parrot AR Drone is a quadricopter helicopter that can be easily controlled with a common smartphone, it is a versatile and portable device that can include a wide range of options.
The Security researcher Rahul Sasi designed a malicious code that is able to compromise every drone based on ARM Linux system. The malware, dubbed Maldrone [MALware DRONE], is the first ever backdoor malware written for AR drone ARM Linux system.
“Once my program kills the actual drone controllers, it causes the motors to stop and the drone falls off like a brick,” Sasi said.”But my backdoor instantly takes control so if the drone is really high in the air the motors can start again and Maldrone can prevent it from crashing.”
Maldrone is very dangerous, it could be used to remotely hijack drones, Rahul Sasi also provided a video proof-of-concept to demonstrate its efficiency.
“In this we would show infecting a drone with Maldrone and expecting a reverse tcp connection from drone. Once connection is established we can interact with the software as well as drivers/sensors of drone directly. There is an existing AR drone piloting program. Our backdoors kills the autopilot and takes control. The Backdoor is persistent across resets,” is explained in the video.
According to the researcher, Maldrone can interact with the drone’s device drivers and sensors silently and allow the hacker to control the drone remotely. As a result, Maldrone could be also abused to conduct remote surveillance. Of course, the backdoor could be exploited by attackers within a wireless range.
The Maldrone features described by Sasi in a blog post are:
Maldrone will get silently installed on a drone.
Interact with with the device drivers and sensors silently.
Lets the bot master controller the drone remotely .
Escape from the Drone owner to Bot master.
Spread to other drones *.
Sasi explained that Maldrone is different to previously-disclosed attacks, let’s think to the hack of Amazon UAVs, because it is able to bypass authentication mechanisms in place and does not limit its action to the interference with the signals sent by the command infrastructure. Sasi explained that his attack could be also combined with the Skyjack attack in a way to make the backdoor wormable.
Sasi reversed the proprietary AR Drone firmware in order to discover the vulnerability and develop Maldrone malware. The researcher will present his research at Nullcon next month, he will explain how to hack a drone or access to on board video feeds.
(Security Affairs – Drone, UAV, Maldrone)