Surveillance Drones Easily Hacked

• By Sydny Shepard
• Mar 04, 2016

A security researcher from IBM has said that a $20,000 to $35,000 police drone used for surveillance can be hacked with a $40 kit.

Vulnerabilities of the flying machine allow it to be controlled or knocked out of the sky within a mile range. Findings were presented at the RSA security conference in San Francisco on March 2.

Security researcher Nils Rodday showed how flaws in the security of the drone’s radio connection allowed him to take full control over the unmanned machine with just a laptop and a cheap radio chip connected via USB. By exploiting a lack of encryption between the drone and its controller module, any hacker who’s able to reverse engineer the drone’s flight software can impersonate that controller to send navigation commands while blocking commands from the drone’s original controller.

Rodday, who works with IBM but conducted the drone research while working as a graduate researcher at the University of Twente in the Netherlands, won’t reveal the specific drone he tested or who sells it. He hinted, however, that the drone did have a flying time of about 40 minutes and that it was deployed by many police and fire departments.

Rodday has alerted the drone’s manufacturer to the security flaw s he’s found, and the company plans to fix the issue in the next version of the quadcopter that sells. Since the drones don’t connect to the internet, there isn’t an easy fix for those that have already been manufactured. They can’t just download the new upgrade like we do with our iPhones.