Perhaps it's not that he can crack the encryption but that he can attack the original signal outside the envelope, hijack the drone and establish a new link by pretending to be the original that lost its encryption chain and has to start over. Tough to beat since it happens in real life.
Biz claims it's reverse-engineered encrypted drone commands
US company Department 13 claims it has been able to reverse-engineer several popular drones' commands, even when they are encrypted before transmission. The company yesterday launched a product called MESMER that it says offers users the ability to take control of drones flown by third parties. The suggested use case is to …
COMMENTS
-
Tuesday 24th January 2017 07:17 GMT Adam 1
There's plenty of things it could be. Perhaps it's vulnerable to a replay attack where for example a specific command can simply be recorded and repeated to get the drone to do the same thing again.
Or perhaps they are using the MAC address as part of the key generation algorithm.
Or perhaps they can MitM attack the pairing operation between the device and remote.
Or perhaps some development numpty hard coded the root password in the firmware.
Or perhaps they can drown out the packets coming back from the device and trick the remote into falling back to some ancient broken encryption.
Or perhaps it suffers heartbleeding beast poodle....
-
Tuesday 24th January 2017 08:01 GMT MrT
From some of the language used, it also sounds like they are copying and replicating the command signals. For example, unless the drone command system encrypts every single instruction using a rolling key, so each one will be unique at the point of sending, it is possible that the same 'go left' etc. radio signal is used each time. "Encryption" may just be used to identify individual drones in a busy airspace (a bit like the old coloured paired crystal sets used in RC for years). In that case, it'll be possible to copy the signals, analyse the pattern, work out which garbled chunk means up, down, left, right, etc. and blast the airwaves with copies until the drone responds.
It'll also be possible to perform a key attack in the manner that we used to do with stuff like AiroPeek and WLANjack (as mentioned in comments further up here), modified to be more focused on drone signals.
-
Tuesday 24th January 2017 08:49 GMT Andy 73
At a rally somewhere..
"It's ok chief, we've got you covered. Not a single threat can get in"
"What sort of thing are we talking about?"
"Oh, you know, drones!"
"Drones? Those military bastards!"
"Uh, no.. like, kids' drones. They can carry a mean GoPro"
"Oh.. I see. What about grenade launchers? Guns? Trucks running through crowds?"
"What?! That's a hardware problem! We're here to ensure no-one can take an evil selfie!"
-
Tuesday 24th January 2017 14:13 GMT Cuddles
Re: At a rally somewhere..
"Uh, no.. like, kids' drones. They can carry a mean GoPro"
"Oh.. I see. What about grenade launchers? Guns? Trucks running through crowds?"
"What?! That's a hardware problem! We're here to ensure no-one can take an evil selfie!"
That hardware problem has already been solved - http://www.bbc.co.uk/news/technology-38663394, and that's not counting the hundreds of videos doing the rounds of various people attaching guns and the like to drones just for fun. A lot of people love to dismiss any and all drones as just toys, but there is not just obvious potential for harm, they're already being actively used for it. Trying to come up with ways to prevent that doesn't seem particularly worthy of mockery. Sure, it might not be the worst problem in the world today, but the problem is there so why not try to fix it before it becomes a bigger one?
-
Tuesday 24th January 2017 19:26 GMT Andy 73
Re: At a rally somewhere..
So a drone comes over that's been modified in an unknown way, and the first thing you want to do is mess with its radio signal? Isn't that rather like the bomb squad myth that someone goes in and cuts the green wire?
Back in the real world, I would have thought a serious threat would more likely be shot out of the sky.
-
Tuesday 24th January 2017 19:28 GMT Tikimon
Re: At a rally somewhere..
"but there is not just obvious potential for harm, they're already being actively used for it."
Can you cite a case where such a modified drone has been deliberately used to harm someone? News link to "Man shot by gun-carrying drone!"? I suspect not.
Making something able to shoot projectiles does not equate to "actively used for harm." Someone put a chainsaw on a drone, but nobody's been killed with it yet. There are groups who arm radio-control ships with projectile guns and have naval battles. Radio-control aircraft have been capable of firing rockets for decades and are demonstrated at meets. No "active harm" in any case.
I make a plea for perspective and proportional response. Panic over every crazy hobbyist project is not useful and ruins the fun for the rest of us.
-
Wednesday 25th January 2017 13:58 GMT Cuddles
Re: At a rally somewhere..
"Can you cite a case where such a modified drone has been deliberately used to harm someone? News link to "Man shot by gun-carrying drone!"? I suspect not."
Perhaps if you bothered reading the post you quoted, you'd have noticed that I already did.
@Andy 73
"So a drone comes over that's been modified in an unknown way, and the first thing you want to do is mess with its radio signal? Isn't that rather like the bomb squad myth that someone goes in and cuts the green wire?
Back in the real world, I would have thought a serious threat would more likely be shot out of the sky."
If you have a choice between disabling it in a harmless way by taking control of it yourself, or even by simply preventing it from being controlled at all while still a good distance from any target, why on Earth would you not choose to do that and instead start wildly firing live ammunition into the air?
-
Thursday 26th January 2017 10:51 GMT Andy 73
Re: At a rally somewhere..
"If you have a choice between disabling it in a harmless way by taking control of it yourself, or even by simply preventing it from being controlled at all while still a good distance from any target, why on Earth would you not choose to do that and instead start wildly firing live ammunition into the air?"
You're assuming that sending radio signals to a modified drone will do what you expect. Most drones can fly predefined paths, so don't need continuous control. Any attempt at signalling to them could have completely unexpected results - a weapon could be tied to any given behaviour so 'safely' stopping it involves double guessing that behaviour. Will it drop a grenade if you ask it to slow down, speed up, lower altitude, gain altitude, fly north?
I won't go into the ways a consumer drone can be modified, nor the challenges of gaining access to it "while still a good distance from any target". The operational issues with telling a flying bomb to be harmless are immense.
-
Tuesday 24th January 2017 20:58 GMT Crazy Operations Guy
My city's airport has been experimenting with birds-of-prey to keep drones out of the way of aircraft. They already use such birds to keep other birds off the airport grounds, so it's just a matter of training them to hunt drones as well. A Phantom Drone is no match for a bird that can pick up and eat a grey wolf...
-
Tuesday 24th January 2017 10:54 GMT Peter Christy
I suspect that the "poor quality" of the "encryption" used in drones - or indeed any radio controlled aircraft - is more to do with the need to avoid latency at all costs rather than anything else.
You don't want the control system lagging half-a-second behind the pilot. That way lies disaster.....!
-
Tuesday 24th January 2017 17:12 GMT Jason Bloomberg
"They [drone-makers] are not making it NSA-proof"
But is that a real necessity?
Encryption on drones is probably to make hijacking less likely or accidental rather than prevent it entirely.
Looking around my office I don't think there is anything which is NSA-proof. I imagine the radio controlled clock could be fooled by someone with a 60kHz transmitter faking a 'Rugby' MSF time signal. I imagine that could make me late for an important meeting and ruin my life but I am not convinced it really needs to be made NSA-proof.