Drone hacking is becoming Child’s Play

Sander Walters
Aug 3, 2016 · 3 min read

You know what really strikes me about a lot of the drone hacks we’ve seen lately? It just get too easy. I mean we’re seeing a huge number of new attacks published at every security conference. Last RSA Conference a security researcher reported finding a way to hijack a high-end drone, using parts costing as little as $40. The expert says it is possible to start the octocopter’s engines, engage auto-takeoff, control its camera and, potentially, crash the machine. The high end drone manufacturer or model was not disclosed, but it cost about $18000 and is in use by police departments all around the world.

Nils Rodday at RSA Con 2016

The problem, now, is that many of these “hacks” have become simple point and shoot affairs using freely available tools. .

In the last case of drone hacking, tools such as “Drone Duel” mean that even if you don’t know the difference between CYRF6936 and NRF24L01 or PPM from PWM, so long as you can stick a wireless USB adapter and copy/paste a python script you can be an instant “drone hacker”.

CX-10 Drone

At ToorCamp 2016, an unknown Chinese benefactor provided all participants with Cheerson CX-10A quadcopters. Cheerson is one of the better-known Chinese manufacturers in the hobby drone industry today, and the small CX-10 is definitely one of the more popular models in their lineup. It’s an excellent starter drone, particularly because it’s so cheap (it costs about $18 on DX). Coincidentally, Michael Ossmann and Dominic Spill gave a talk about hacking those very same quadcopters, and as part of their talk, they released a protocol specification which formalized the packet format used by the drones.

Ubertooth One USB Dongle by Ossman & Spill ($117)

Following the only logical path that made sense at the time, Logan Lamb, Ben Morgan, Marc Newlin challenged them to a duel at high noon. Using Python, cheap nRF24LU1+ dongles hacked together some code to either fly CX-10 drones far, far away, or bring them crashing to the ground.

But the ability of these hackers do not end there, after making a complete reverse engineering and discover that the small drone has a regular microcontroller are preparing to implement new functions from autopilot, swarms of drones that hack other drones.

32bit CPU ARM based CX10 Drone

Meanwhile Fran Brown and his colleague David Latimer designed a hacking UAV dubbed Danger Drone, with it a drone equipped with a tiny PC that run a suite of hacking tools.The drone will be presented at the next Black Hat security conference in Las Vegas next week.