Researchers have found a new way to hijack some police drones, as first reported by Wired. The attack was developed by researcher Nils Rodday, currently employed by IBM, who will present his findings at the RSA conference this week. By exploiting vulnerabilities in a drone's telemetry system, Rodday was able to assume control and block out communications from the owner, an attack with potentially broad implications for drones everywhere.
Rodday's research focuses on a specific model of drone used by police, which he declines to name, but the broader vulnerability may be much more difficult to fix. The attack focuses on the protocol connecting the drone to its controller, which is often left unsecured to ensure that commands reach the drone as quickly as possible. Unfortunately, that also means that with the right set of signals, attackers can masquerade as the drone's owner and take control of the craft. There are a number of established ways to protect against that attack, but they would require rewriting the drone's wireless protocols, adding either latency or additional hardware to handle the more complex requests.
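The article does not say which protections it has in mind; one established approach is to authenticate every command frame with a keyed MAC and a monotonic counter, so the drone drops frames from anyone without the key and drops replays of captured frames. The sketch below is an added example, not code from Rodday's research or from any drone vendor; the frame layout, key, command ids and tag length are constructed assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16                 # truncated HMAC-SHA256 tag (assumed size)
HDR = struct.Struct(">IB")   # constructed layout: 4-byte counter, 1-byte command id

def seal(key: bytes, counter: int, cmd: int, payload: bytes = b"") -> bytes:
    """Controller side: append a MAC over counter, command id and payload."""
    body = HDR.pack(counter, cmd) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class Receiver:
    """Drone side: accept a frame only if the MAC verifies and the counter is new."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0

    def accept(self, frame: bytes):
        if len(frame) < HDR.size + TAG_LEN:
            return None                      # too short to be a valid frame
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                      # sender does not hold the key
        counter, cmd = HDR.unpack_from(body)
        if counter <= self.last_counter:
            return None                      # replay of an earlier frame
        self.last_counter = counter          # advance only after full verification
        return cmd, body[HDR.size:]

def demo() -> dict:
    key = bytes(range(32))                   # constructed shared key
    rx = Receiver(key)
    payload = b"\x00\x64"                    # constructed command argument
    good = seal(key, 1, 0x10, payload)
    tampered = bytearray(seal(key, 2, 0x10, payload))
    tampered[HDR.size] ^= 0xFF               # flip one payload byte in transit
    return {
        "genuine": rx.accept(good),
        "replayed": rx.accept(good),
        "wrong_key": rx.accept(seal(b"\x00" * 32, 2, 0x20)),
        "tampered": rx.accept(bytes(tampered)),
        "next_genuine": rx.accept(seal(key, 2, 0x11)),
        # bytes added to each frame compared with sending cmd + payload alone
        "overhead_bytes": len(good) - (1 + len(payload)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The per-frame overhead reported by `demo()` is the kind of cost the article refers to: every command carries extra bytes and needs a MAC computation on both ends.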
As drones have grown more popular, an increasing number of researchers and companies are looking at ways to take them down, occasionally for public safety reasons. Companies like Selex and Battelle are already marketing products to law enforcement officers that would take down potentially threatening drones that stray too close to airports or prisons, although the use of such devices still occupies a legal gray area. Open vulnerabilities are rarely consistent across different models, while broader spectrum jamming violates FCC regulations, often leaving responders with few options for bringing down a drone without endangering public safety.