No Need To Shoot Down Drones – Just Hijack Them

Uploaded on 2016-11-02 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

A security researcher has devised a method of hijacking a wide variety of radio- controlled airplanes, helicopters, cars, boats and other devices that use a popular wireless transmission technology.

The attack was developed by Jonathan Andersson, manager of the Advanced Security Research Group at Trend Micro DVLabs, and targets a "wideband, frequency-agile 2.4GHz signal protocol" called DSMx. This protocol is used in radio-control (R/C) toys, including in drones, that are owned by millions of users.

Andersson's attack exploits weaknesses in DSMx and was presented in detail recently at the PacSec security conference in Tokyo. The researcher built a device that he dubbed Icarus, using off-the-shelf electronic components and software-defined radio (SDR). With it, he can take over the control of drones or other R/C devices and lock out their real owners in seconds.

The hijacking is possible because the various bits of secret information needed to pair a remote transmitter to a DSMx receiver can be extracted from the protocol or can be brute-forced, the researcher explained in his presentation. Furthermore, a timing vulnerability allows sending control packets before the legitimate transmitter, causing the receiver to ignore the latter.

Hobbyist R/C airplanes, helicopters and other flying drones are increasingly causing problems for manned aircraft and even for homeowners who feel that their privacy is being invaded when these devices are flown close to their property. There are certain no-fly areas for drones, for example near airports, but some users ignore these restrictions.

The rising number of drone sightings in no-fly areas and of near-miss incidents between drones and manned aircraft have led regulators in the US and Europe to consider legislation that would restrict the use of such devices. It has also led to the development of commercial solutions for disabling in-flight drones. There have even been reports of people, including police, shooting down drones.

Hijacking drones and landing them safely instead of shooting them down and damaging them is a more elegant solution and could make possible trespassing investigations easier. Andersson noted in his presentation that his technique can also be used to passively monitor areas for unwanted drone activity and to record unique drone IDs that could later be used to identify their owners.

Computerworld
 

« US Banking Regulator Suffers A Major Breach of Confidential Data
How Did WikiLeaks Get Clinton's Emails? »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Optimum Insurance

Optimum Insurance

Optimum's Cyber Risk & Data Protection Insurance policies are designed to protect against cyber exposures that arise when a company’s data and customer information is breached or stolen.

Cydome

Cydome

Cydome offers full-spectrum cybersecurity solutions tailored for the maritime industry.

Tempered Networks

Tempered Networks

Tempered Networks delivers the first purpose-built platform for IIoT cybersecurity that allows customers to connect and secure devices in minutes without the need for specialized skills.

Asseco Group

Asseco Group

Asseco Poland stands at the forefront of the multinational Asseco Group. We are a leading provider of state-of-the-art IT solutions in Central and Eastern Europe.

Information Technology & Cyber ​​Security Service (STISC) - Moldova

Information Technology & Cyber ​​Security Service (STISC) - Moldova

STISC is a public institution whose purpose is to ensure the administration, maintenance and development of the information technology infrastructure in Moldova.

A-LIGN

A-LIGN

A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to mitigate cybersecurity risks.

Nucleon

Nucleon

Nucleon enables cybersecurity tools, organizations and software developers to become proactive by blocking threats before they become breaches.

CyberFortress

CyberFortress

CyberFortress is an insuretech startup offering a new kind of online business interruption policy designed for small business.

Onevinn

Onevinn

Onevinn's goal is to create a transparent, cost-effective security that is noticed as little as possible by the users. We simply call it "intelligent security."

GRSi

GRSi

GRSi deliver next-generation systems engineering, cybersecurity, technology insertion and best practices-based Enterprise Operations (EOps) management.

Mandiant

Mandiant

Mandiant deliver dynamic cyber defense solutions powered by industry-leading expertise, intelligence and innovative technology.

Telstra

Telstra

Telstra is one of the world's leading telecommunications and technology companies, offering a wider range of services from networks and cloud solutions to mobility and enterprise collaboration tools.

Astrill VPN

Astrill VPN

Astrill VPN is a Seychelles based Virtual Private Network(VPN) Company.

MajorKey Technologies

MajorKey Technologies

MajorKey improves security performance by reducing user friction and business risk, empowering your people, and protecting your IP.

Anatomy IT

Anatomy IT

Anatomy IT empowers healthcare providers to deliver exceptional patient care with cutting-edge technology and cybersecurity solutions.

Invisinet Technologies

Invisinet Technologies

Invisinet is a cybersecurity technology company specializing in innovative solutions that protect network infrastructure and critical assets from advanced threats.