No Need To Shoot Down Drones – Just Hijack Them

Uploaded on 2016-11-02 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

A security researcher has devised a method of hijacking a wide variety of radio- controlled airplanes, helicopters, cars, boats and other devices that use a popular wireless transmission technology.

The attack was developed by Jonathan Andersson, manager of the Advanced Security Research Group at Trend Micro DVLabs, and targets a "wideband, frequency-agile 2.4GHz signal protocol" called DSMx. This protocol is used in radio-control (R/C) toys, including in drones, that are owned by millions of users.

Andersson's attack exploits weaknesses in DSMx and was presented in detail recently at the PacSec security conference in Tokyo. The researcher built a device that he dubbed Icarus, using off-the-shelf electronic components and software-defined radio (SDR). With it, he can take over the control of drones or other R/C devices and lock out their real owners in seconds.

The hijacking is possible because the various bits of secret information needed to pair a remote transmitter to a DSMx receiver can be extracted from the protocol or can be brute-forced, the researcher explained in his presentation. Furthermore, a timing vulnerability allows sending control packets before the legitimate transmitter, causing the receiver to ignore the latter.

Hobbyist R/C airplanes, helicopters and other flying drones are increasingly causing problems for manned aircraft and even for homeowners who feel that their privacy is being invaded when these devices are flown close to their property. There are certain no-fly areas for drones, for example near airports, but some users ignore these restrictions.

The rising number of drone sightings in no-fly areas and of near-miss incidents between drones and manned aircraft have led regulators in the US and Europe to consider legislation that would restrict the use of such devices. It has also led to the development of commercial solutions for disabling in-flight drones. There have even been reports of people, including police, shooting down drones.

Hijacking drones and landing them safely instead of shooting them down and damaging them is a more elegant solution and could make possible trespassing investigations easier. Andersson noted in his presentation that his technique can also be used to passively monitor areas for unwanted drone activity and to record unique drone IDs that could later be used to identify their owners.

Computerworld
 

« US Banking Regulator Suffers A Major Breach of Confidential Data
How Did WikiLeaks Get Clinton's Emails? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Prosperon Networks

Prosperon Networks

Prosperon Networks support SMB to Enterprise networks through the provisioning of network monitoring software, customisation, consultancy and installation.

Minerva Labs

Minerva Labs

Minerva’s patent pending solution keeps malware in a constant sleep state before it can infiltrate your network and cause any damage.

MadSec Security

MadSec Security

MadSec Security is a leading consulting company whose expertise are information and cyber security.

Data Security Inc

Data Security Inc

Data Security, Inc. is the leading American manufacturer and supplier of hard drive degaussers, magnetic tape degaussers as well as hard drive and solid state destruction devices.

NeuroChain

NeuroChain

NeuroChain is an intelligent ecosystem that is more secure, more reliable and much faster than blockchain.

CyVolve

CyVolve

Cyvolve is the next great leap forward in data security, ensuring constant encryption and pervasive control over all your data.

The Cyber AB

The Cyber AB

The Cyber AB is the official accreditation body of the Cybersecurity Maturity Model Certification (CMMC) Ecosystem.

Protected Media

Protected Media

Protected Media’s advanced cybersecurity ad fraud solution guards you against current and emerging threats across Connected TV, Display and Video advertising.

Rostelecom Solar

Rostelecom Solar

Rostelecom-Solar is a Cyber Security Company, providing software and managed detection and response (MDR) services to protect critical information from advanced cyber threats.

Path Forward IT

Path Forward IT

Path Forward IT has been troubleshooting, architecting, migrating, protecting, and securing IT environments for businesses across the USA since 2002.

IMQ Group

IMQ Group

IMQ is one of Europe’s top players in the field of conformity assessment. We offer certification services to support all the major sectors of the manufacturing and service industries.

Reaktr.ai

Reaktr.ai

Reaktr.ai is founded on the vision of using AI as a catalyst to propel industries into a future where we redefine what's possible. Fortify your cybersecurity defense with our AI-powered platform.

DataProof Communications

DataProof Communications

DataProof Communications is Cybersecurity Company specialising in cybersecurity operations, incident management and response best practices and technologies.

Blackwell Security

Blackwell Security

Blackwell is a driving force in healthcare cybersecurity, transforming how security operations are conducted within this critical sector.

Cyro Cyber

Cyro Cyber

Cyro Cyber is a collective of some of the UK’s most experienced and savvy cybersecurity, information assurance, data protection, IT governance and compliance experts.

Assurestor

Assurestor

Assurestor's singular focus is delivering leading cloud-based backup and disaster recovery designed to increase levels of IT resilience.