It could be very easy to hijack nearly any drone mid-flight by using the hardware presented by the Trend Micro researcher Jonathan Andersson at the PacSec hacking conference in Japan this week. Andersson, who leads the Trend Micro’s TippingPoint DVLab division, presented a small hardware named Icarus that is able to hijack a variety of popular drones mid-flight, the attacker is able to gain full control of the vehicle by locking the owner out.
According to Andersson, the Icarus box is able to hack into and radio controlled vehicles that run the SMx radio platform. Unfortunately, the SMx radio platform is very popular for drones, it present in vehicles manufactured by many vendors, including Walkera, NineEagles and AirTronics.
“It’s not a jamming system so i am not competing for control via RF power,” Andersson explained to Vulture South.
“Full flight control is achieved with the target experiencing a complete loss of control — it’s a clean switch-over.
“The range of my proof of concept implementation is equal to a standard DSMx radio transmitter, though standard 2.4GHz ISM band amplification can be applied to extend the range.”
The principle behind the Icarus box is simple, the hardware is able to determine the unique shared secret key within the DSMx binding process by monitoring the activity of the component and running a brute force attack. Once the Icarus box grabs the key, the attacker can send malicious packets to lock the legitimate controller out and send his commands.
Below a video PoC of the attack
The only way to protect the drone against such kind of attack is by updating receivers’ firmware protocols, an operation that is not always possible on many drones.
“My guess is that it will not be easy to completely remedy the situation. The manufacturers and partners in the ecosystem sell standalone radio transmitters, models of all kinds, transmitters that come with models and standalone receivers,” Andersson told Ars Technica.
“Only a certain set of standalone transmitters have a firmware upgrade capability, though the fix is needed on the model/receiver side.”
Below the slides prepared by Andersson.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.