
Hackers can hijack costly drones used by law enforcement agencies

April 1, 2016

IBM's top security expert Nils Rodday asserts that hackers can easily hijack expensive, professional drones used widely across the law enforcement, emergency and private sectors because of the lack of encryption in the on-board chips used in the drones.

Rodday says the US$28,465 quadcopters can be easily hijacked with less than forty dollars of hardware and some very basic knowledge of radio communications technology.

With that in hand, attackers can commandeer radio links to the drones from up to two kilometres away, and block drone operators from reconnecting to the flying device.

Drones are often used by emergency services across Europe, but the exposure could be much worse. The targeted XBee chip is common in drones everywhere, and Rodday says it's very likely that many more aircraft are wide open to compromise.

The Germany-based scientist worked with the consent and assistance of the unnamed vendor to pry apart the internals of the drone and the Android application which controls it. Many security experts also say that Android isn't the most secure operating system, making a bad situation worse.

He found that encryption, while supported, wasn't active in the XBee chips due to performance limitations, and that the WiFi link used to control the aircraft at altitudes below 100 metres was protected by the extremely vulnerable WEP protocol.

Rodday told the BlackHat Asia Security Conference in Singapore that attackers who copy commands from the Android app can fully control the drone, and easily demonstrated this with a start-engines command that fired up the aircraft's rotors.

"You can break the weak WiFi WEP encryption and disconnect their tablet and connect your own, but you have to be within 100 metres," Rodday asserted.

"On the XBee link, we can perform a man-in-the-middle attack and inject commands between the UAV and the telemetry box from up to two kilometres away," he added.

"An attacker can re-route packets, block out the operator, or let the packets go through, but I guess most attackers would steal it," he told the conference.

The attacker's remote AT commands would be rejected if XBee encryption were applied, mitigating the man-in-the-middle attack and the ability to snoop on traffic, Rodday told attendees.

The manufacturer which supplied the drone is evaluating Rodday's suggestions about how best to close off the attack vector, the easiest of which would be to encrypt communications within the firmware on the aircraft and the Android app.
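A fleet operator can check whether link encryption is actually switched on by asking a locally attached XBee module for its EE (Encryption Enable) parameter in API mode. The sketch below is an added example, not code from Rodday or the vendor: it builds the local query frame and validates the reply, assuming the module exposes EE through standard AT Command (0x08) and AT Command Response (0x88) frames; the sample replies are constructed, not captured from a device.

```python
"""Audit helper: is encryption enabled on a locally attached XBee module?"""

START = 0x7E  # XBee API-mode frame delimiter


def checksum(frame_data: bytes) -> int:
    # XBee API checksum: 0xFF minus the low byte of the sum of the frame data.
    return 0xFF - (sum(frame_data) & 0xFF)


def _frame(data: bytes) -> bytes:
    # Wrap frame data with delimiter, 16-bit big-endian length and checksum.
    return bytes([START]) + len(data).to_bytes(2, "big") + data + bytes([checksum(data)])


def build_at_query(command: str, frame_id: int = 1) -> bytes:
    """Local AT Command frame (type 0x08) that reads a parameter."""
    return _frame(bytes([0x08, frame_id]) + command.encode("ascii"))


def parse_at_response(frame: bytes) -> tuple[str, int, bytes]:
    """Parse an AT Command Response (type 0x88) into (command, status, value)."""
    if len(frame) < 9 or frame[0] != START:
        raise ValueError("not an XBee API frame")
    length = int.from_bytes(frame[1:3], "big")
    data, trailer = frame[3:3 + length], frame[3 + length:]
    if len(data) != length or len(trailer) != 1:
        raise ValueError("length field does not match frame size")
    if checksum(data) != trailer[0]:
        raise ValueError("bad checksum")
    if data[0] != 0x88:
        raise ValueError("not an AT Command Response")
    return data[2:4].decode("ascii"), data[4], data[5:]


def encryption_enabled(frame: bytes) -> bool:
    """True only if the module answered the EE query with status OK and value 1."""
    command, status, value = parse_at_response(frame)
    if command != "EE" or status != 0:
        raise ValueError("unexpected or failed response")
    return int.from_bytes(value, "big") == 1


# Constructed sample replies (frame ID 1, status OK), not captured from a device.
SAMPLE_DISABLED = _frame(bytes([0x88, 0x01]) + b"EE" + bytes([0x00, 0x00]))
SAMPLE_ENABLED = _frame(bytes([0x88, 0x01]) + b"EE" + bytes([0x00, 0x01]))
```

A module that reports EE = 0 during pre-flight checks is running the link in the clear, which is the condition the talk describes.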

Rodday thanked fellow researchers University of Twente's Professor Dr Aiko Pras and Dr Ricardo de O Schmidt, along with KPMG's Ruud Verbik, Matthieu Paques, Atul Kumar, and Annika Dahms for their assistance in the testing of the drone.

Source: IBM.

Copyright © Internet Security.ca