A researcher has demonstrated a way for attackers to hijack drones in the air without damaging them.
Not everyone is pleased with the emergence of hobbyist drones.
Drones, otherwise known as unmanned aerial vehicles (UAVs), can be used for a variety of purposes -- such as land surveys and military applications -- and there is now a wide range of affordable devices on the market for enthusiasts.
While these devices can be great for photographers and videographers, as with most new consumer technology, they can also irritate. We've heard of cases where members of the public have resorted to taking pot-shots at drones flying around their property without consent.
Drone use is becoming such an issue in some areas that aviation regulators have issued edicts for prison terms when flight rules are disobeyed and commercial flights are put at risk. But as one researcher has now demonstrated, there are other ways to take them out of the air.
On Wednesday, security researcher Jonathan Andersson, a member of Trend Micro's TippingPoint DVLab division, presented the new method at the 2016 PacSec security conference in Tokyo.
Rather than using a jammer to intercept and interrupt signals in order to disrupt a drone's flight path, Andersson revealed a small hardware module that can fully hijack a range of popular drones and remote-control devices by exploiting a weakness in the DSMx radio protocol.
DSMx is used to facilitate communication between radio controllers and hobbyist devices, including drones, helicopters, and cars. The Icarus box, as reported by Ars Technica, seizes on a small protocol design flaw to hijack devices using DSMx. It lets attackers wrest control of a device away from the original operator and then steer, accelerate, brake and even crash it.
The Icarus box is able to hijack drones because DSMx does not encrypt the key which binds a controller and device together. This "secret" key can be grabbed by observing the protocol and launching several brute-force attacks. Once Icarus has the key, attackers can send a malicious packet which prevents the original operator from sending valid, accepted commands.
Instead, the compromised device will only accept instructions from the hijacker.
Beyond vendors issuing patches or updating firmware to mitigate the problem -- and including industry-standard encryption in future devices -- little can be done about such attacks.
Speaking to the publication, Andersson said:
"My guess is that it will not be easy to completely remedy the situation. The manufacturers and partners in the ecosystem sell standalone radio transmitters, models of all kinds, transmitters that come with models and standalone receivers.
Only a certain set of standalone transmitters have a firmware upgrade capability, though the fix is needed on the model/receiver side."
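To illustrate the mitigation mentioned above (authenticating commands on the receiver side), here is an added example that is not from the article, the researcher or any vendor. It is a simplified model, not the real DSMx frame format: the frame layout, the names legacy_accept, make_frame and AuthenticatedReceiver, and the sample identifier and key are all assumptions made for this sketch.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8  # truncated HMAC-SHA256 tag; the length is an assumption of this sketch

def legacy_accept(bind_id: bytes, frame: bytes) -> bool:
    """Model of the weakness: the only check is an identifier that every
    frame carries in the clear, so anyone who observes it can reuse it."""
    return frame[:len(bind_id)] == bind_id

def make_frame(key: bytes, counter: int, channels: tuple) -> bytes:
    """Transmitter side: counter and channel values, followed by a MAC."""
    body = struct.pack(f">I{len(channels)}H", counter, *channels)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class AuthenticatedReceiver:
    """Accepts a frame only if its MAC verifies under a key that never
    goes over the air and its counter is newer than the last accepted one."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accept(self, frame: bytes):
        if len(frame) < 4 + TAG_LEN or (len(frame) - 4 - TAG_LEN) % 2:
            return None  # malformed length
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # forged or corrupted frame
        counter, *channels = struct.unpack(f">I{(len(body) - 4) // 2}H", body)
        if counter <= self.last_counter:
            return None  # replayed or stale frame
        self.last_counter = counter
        return tuple(channels)

def demo() -> dict:
    bind_id = bytes.fromhex("a1b2c3d4")   # constructed sample identifier
    key = bytes(range(32))                # constructed sample key
    rx = AuthenticatedReceiver(key)
    genuine = make_frame(key, 1, (1500, 1500, 1000, 1500))
    return {
        "legacy_spoofed": legacy_accept(bind_id, bind_id + b"\x00" * 8),
        "genuine": rx.accept(genuine),
        "replayed": rx.accept(genuine),
        "forged": rx.accept(make_frame(b"\x00" * 32, 2, (2000, 2000, 2000, 2000))),
    }

if __name__ == "__main__":
    print(demo())
```

The check runs in the receiver, which is where the quoted remark says the fix is needed.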