Collect the whole set.
Hacker Rahul Sasi has found and exploited a backdoor in Parrot AR Drones that allows the flying machines to be remotely hijacked. The Citrix engineer developed what he said was the first malware dubbed Maldrone which exploited a new backdoor in the drones. Sasi (@fb1h2s) said the backdoor could be exploited for Parrot drones …
The Citrix engineer developed what he said was the first malware dubbed Maldrone which exploited a new backdoor in the drones.
There's other software out there also named Maldrone and but not exploiting a backdoor to drone control systems? It's a pretty cool exploit, though. Let's hope Amazon does a better job with security than the Parrot people when they go forward using them for deliveries. Perhaps this might mean a job opportunity for Sasi.
You operate a drone, lets assume with any necessary licencing in place, and someone hijacks it, causing a crash with 3rd party injury or property damage as a consequence.
Appreciating that there might not be much of the device left, it will be interesting to see how courts will determine wether or not the original operator (and/or their insurance, if any) is liable for any civil claims or possibly even criminal charges.
I see flitetest mention the DJI Inspire refusing to arm if the firmware needed updating, could be interesting if your $3000 device refuses to play because it heard there was a newer firmware version from a man in the middle site.
Won't be long before all UAV's are forced to have a backdoor for "Air safety".
The fact gatherings and protests will only then be filmed from the authorities point of view is entirely coincidental.
> The fact gatherings and protests will then only be filmed from the authorities' point of view is entirely coincidental. [punctuation added; I can't help it...]
Te best solution to prevent this sort of thing might be to have the drone and the controller authenticate themselves at the beginning of the flight and then to ignore commands from anything else until its safely on the ground and powered off.
Or better yet not actually ave firmware on the drone and instead have it on the controller, you'd then plug in a cable to the drone form the controller, it'd copy the code into the drone's RAM and then proceed with startup. Part of this code would be a long symmetrical encryption key from the controller.
Biting the hand that feeds IT © 1998–2020