Nils Rodday, a security researcher at IBM, presented at Black Hat Asia how you can gain control of an expensive professional drone that usesIt is widely used by law enforcement, emergency services, and the private sector due to its lack of encryption.
Rodday reported that quadcopters that cost 25.000 euros can be hacked with hardware that costs less than 35 euros, and some basic radio communications knowledge.
The attacker can commandeer the radio links used to control the drones from two kilometers away, and the owners will not be able to reconnect with the vessel.
Rodday reported at the blackhat Asia conference in Singapore that attackers through an app Android can fully control the drone, and held a demonstration. Read the PDF at the end of the post.
"You can break WEP WiFi encryption to disconnect the legitimate operator tablet and connect your own, but it should be 100 meters away," Rodday said.
"As for the Xbee connection that the drone uses it can be bypassed with a man-in-the-middle attack by injecting the commands between the UAV and the box telemetrys from two kilometers away.
"An intruder can redefine the packet path, blocking the operator, or let the packets pass, but I guess most attackers will not allow this."
For more details, read the presentation in PDF