Hackers Can Exploit Security Flaws In Drones To Hijack Flight Controller

Security flaws have been found in drones that could allow hackers to target and attack the flight controller which includes numerous sensors as well as the processing unit, reveals a research conducted by Oleg Petrovsky, Senior AV researcher of HP Security.

We all know that there have been number of recent developments in the manufacturing of brushless motors, microcontrollers, tiny sensors, batteries as well as the availability of lighter and stronger compound materials, because of which Unmanned Aerial Vehicles (UAVs) or drones have become easily acquirable for consumers.

Nowadays, any individual can go out and buy a quadcopter embedded with a camera for themselves to construct their very own helicopter or to capture stunning aerial videos and photos. However, with the rapid increment in the purchase of drones, we have also witnessed an upsurge in the number of incidents due to these multi-rotor aerial gadgets.

To further examine the reason behind these incidents, HP’s Oleg Petrovsky has conducted an extensive research and analysed numerous drones as well as its components to search for possible vulnerabilities and security flaws within the system, specifically those embedded with ArduPilotMega (APM) flight controller.

Most of the consumer drones found in the market usually consists of basic components such as sensors, GPS system, microprocessor, speed controller, battery, motors, remote control system, flight controller and other modules.

The Virus Bulletin 2015 conference website reveals, “The controllers we will evaluate include a 3D Robotics ArduPilotMega (APM) system from 3D Robotics, PX4 flight stack, Pixhawks autopilot module, and similar popular flight controllers widely adopted by the UAV industry.”

The controllers that are being used in these drones are developed on identical technology.  As a result, there has been an increase in the vulnerabilities in many models and versions of the drones because hackers can conduct the same attack on various drones.

Petrovsky has unveiled all the data related to the security flaws and possible exploits he has found within the drones at the Virus Bulletin conference held at Clarion Congress Hotel in Prague, the capital city of the Czech Republic.

The Vulnerability

In the presentation, Petrovsky revealed scenarios in which hackers could target drones flying on the pre-programmed routes. These drones include the ones that are being pre-programmed using ground station software to automate the flying path. This kind of system is widely used across the world to .

The researcher was able to conduct an attack on the APM controller embedded onto the drone and being controlled with a ground station application called Mission Planner. He was able to gain complete control over the connected drone and gained access to modify pre-programmed flight path.

Furthermore, he was able to carry out a similar attack on another drone using same flight controllers and was able to control them too with his ground station program.

Since the communication channel between the ground station and the flight controller of the drone is based on an unsecured protocol, a hacker can easily attack and gain real-time access to the drone.

He concluded that theoretically, there are some serious security flaws found in those drones that use the ground system for communication and it affects other drone systems as well.


Related Posts