Nils Rodday a security researcher at IBM presented at Black Hat Asia how you can gain control of an expensive professional drone widely used by law enforcement, services extraordinary of necessity, and in the private sector, due to the lack of encryption.
Rodday reported that quadcopters that cost 25.000 euros can be hacked with hardware that costs less than 35 euros, and some basic radio communications knowledge.
The attacker can commandeer the radio links used to control the drones from two kilometers away, and owners will not be able to reconnect with the vessel.
Rodday reported at the conference blackhat Asia in Singapore that attackers through an Android app can fully control the drone, and held a demonstration. Read the PDF at the end of the post.
“You can crack WiFi WEP encryption to disconnect it tablets of the legitimate operator and connect yours, but it should be within 100 meters,” Rodday said.
"As for the Xbee connection used by the drone, it can be bypassed with a man-in-the-middle attack by injecting commands between the UAV and the telemetry box from two kilometers away.
"An intruder can redefine the packet path, blocking the operator, or let the packets pass, but I guess most attackers will not allow this."
For more details, read the presentation in PDF
