A researcher has demonstrated how easy it is to steal a $28,000 professional law enforcement drone in seconds using $40 worth of kit, from up to two kilometeres away.
IBM researcher Nils Rodday showed how he could hijack the police quadcopter using the drone's radio connection and a basic knowledge of radio communications, relying on the drone's weak encryption.
At the Black Hat Asia hacking conference, Rodday explained how a flaw gave him the ability to crack into the drone's controller module, known as its telemetry box, by breaking into a user's tablet with easy to crack WEP (Wired-Equivalent Privacy) encryption, and connecting his own tablet.
> See also: Rise of the drones: re-engineering the supply chain for the UK's drone future
He could then exploit the onboard chips used for communication between that telemetry module and the drone, to intercept the device from 2km away. These chips, which are commonly used in all kinds of UAVs (Unmanned Aerial Vehicles) for law enforcement and government, don't include any encryption in order to avoid latency.
This potentially leaves drones open to 'Man in the Middle' attacks where an attacker could pretend to be the software commanding the drone, instead injecting their own navigational controls and blocking commands from the real operator.
At the conference, Rodday could not provide details on the specific drone model he had tested because he had signed a non-disclosure agreement with its manufacturer, but it is one of the higher-end models that are being used today by many professionals in industry and government.
'Rodday's research proves that there are critical issues with what's likely the most expensive drone yet, as well as one that is used for more serious purposes than high-altitude selfies, which needs to be considered seriously,' wrote security analyst Swati Khandelwal at The Hacker News.
It's not the first time drones have been shown to be easily hacked in mid-air. Last January, Indian security researcher Rahul Sasi was able to show how a consumer drone could be disabled in mid-flight by injecting it with malware.