No Need To Shoot Down Drones – Just Hijack Them

Uploaded on 2016-11-02 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

A security researcher has devised a method of hijacking a wide variety of radio- controlled airplanes, helicopters, cars, boats and other devices that use a popular wireless transmission technology.

The attack was developed by Jonathan Andersson, manager of the Advanced Security Research Group at Trend Micro DVLabs, and targets a "wideband, frequency-agile 2.4GHz signal protocol" called DSMx. This protocol is used in radio-control (R/C) toys, including in drones, that are owned by millions of users.

Andersson's attack exploits weaknesses in DSMx and was presented in detail recently at the PacSec security conference in Tokyo. The researcher built a device that he dubbed Icarus, using off-the-shelf electronic components and software-defined radio (SDR). With it, he can take over the control of drones or other R/C devices and lock out their real owners in seconds.

The hijacking is possible because the various bits of secret information needed to pair a remote transmitter to a DSMx receiver can be extracted from the protocol or can be brute-forced, the researcher explained in his presentation. Furthermore, a timing vulnerability allows sending control packets before the legitimate transmitter, causing the receiver to ignore the latter.

Hobbyist R/C airplanes, helicopters and other flying drones are increasingly causing problems for manned aircraft and even for homeowners who feel that their privacy is being invaded when these devices are flown close to their property. There are certain no-fly areas for drones, for example near airports, but some users ignore these restrictions.

The rising number of drone sightings in no-fly areas and of near-miss incidents between drones and manned aircraft have led regulators in the US and Europe to consider legislation that would restrict the use of such devices. It has also led to the development of commercial solutions for disabling in-flight drones. There have even been reports of people, including police, shooting down drones.

Hijacking drones and landing them safely instead of shooting them down and damaging them is a more elegant solution and could make possible trespassing investigations easier. Andersson noted in his presentation that his technique can also be used to passively monitor areas for unwanted drone activity and to record unique drone IDs that could later be used to identify their owners.

Computerworld
 

« US Banking Regulator Suffers A Major Breach of Confidential Data
How Did WikiLeaks Get Clinton's Emails? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Team Cymru Research NFP

Team Cymru Research NFP

Team Cymru Research is a group of technologists passionate about making the Internet more secure and dedicated to that goal.

Techmeme

Techmeme

Techmeme is an online news curation service focused on leading edge technology, including cyber security.

Thermo Systems

Thermo Systems

Thermo Systems is a design-build control systems engineering and construction firm. Capabilties include industrial control system cybersecurity.

REVI-IT

REVI-IT

REVI-IT is a Danish state-owned audit firm focusing on enterprise IT business processes and compliance,

NetMonastery DNIF

NetMonastery DNIF

NetMonastery is a network security company which assists enterprises in securing their network and applications by detecting threats in real time.

HCL Technologies

HCL Technologies

HCL offer an integrated portfolio of products, solutions and services built around Digital, IoT, Cloud, Automation, Cybersecurity, Analytics, Infrastructure Management and Engineering Services.

Bio-Morphis

Bio-Morphis

Bio-Morphis Reflex solution is a paradigm shift in the approach to information systems security.

Right-Hand Cybersecurity

Right-Hand Cybersecurity

Right-Hand Cybersecurity empowers businesses to monitor, measure and mitigate employee induced cyber risks in real-time.

Cryptoloc

Cryptoloc

Cryptoloc's core business is developing solutions designed to protect businesses from all kinds of security threats using a unique patented cryptography.

SecureStrux

SecureStrux

SecureStrux are a cybersecurity consulting firm providing specialized services in the areas of compliance, vulnerability assessment, computer network defense, and cybersecurity strategies.

YorCyberSec

YorCyberSec

YorCyberSec act as a trusted Cyber and Information Security broker and procurement specialist. We help companies to Reduce Risk, Increase Assurance and Improve Performance.

AlJammaz Technologies

AlJammaz Technologies

AlJammaz Technologies is the leading Technology Value-Added Distributor, which distributes advanced technology products, solutions and services in area including networking and cybersecurity.

Guardio

Guardio

Guardio develop tools and products to combat modern web and browser threats.

Tetrate.io

Tetrate.io

Tetrate Service Bridge provides enterprises with a consistent, unified way to connect and secure services across an entire mesh-managed environment.

BluTinuity

BluTinuity

BluTinuity is a premier management consulting firm with a passion for information security, business continuity, incident response, disaster recovery, and HIPAA security.

Operant Networks

Operant Networks

Operant Networks mission is to provide Operational Technology (OT) teams with solutions that simplify their increasingly complex worlds.