back to article Biz claims it's reverse-engineered encrypted drone commands

US company Department 13 claims it has been able to reverse-engineer several popular drones' commands, even when they are encrypted before transmission. The company yesterday launched a product called MESMER that it says offers users the ability to take control of drones flown by third parties. The suggested use case is to …

  1. Charles 9

    Perhaps it's not that he can cracking the encryption but that he can attack the original signal outside the envelope, hijack the drone and establish a new link by pretending to be the original that lost its encryption chain and has to start over. Tough to beat sine it happens in real life.

    1. Adam 1

      There's plenty of things it could be. Perhaps it's vulnerable to a replay attack where for example a specific command can simply be recorded and repeated to get the drone to do the same thing again.

      Or perhaps they are using the MAC address as part of the key generation algorithm.

      Or perhaps they can MitM attack the pairing operation between the device and remote.

      Or perhaps some development numpty hard coded the root password in the firmware.

      Or perhaps they can drown out the packets coming back from the device and trick the remote into falling back to some ancient broken encryption.

      Or perhaps it suffers heartbleeding beast poodle....

      1. Version 1.0 Silver badge

        Or perhaps they are using ROT13?

  2. MrT

    From some of the language used, it also sounds like they are copying and replicating the command signals. For example, unless the drone command system encrypts every single instruction using a rolling key, so each one will be unique at the point of sending, it is possible that the same 'go left' etc. radio signal is used each time. "Encryption" may just be used to identify individual drones in a busy airspace (a bit like the old coloured paired crystal sets used in RC for years). In that case, it'll be possible to copy the signals, analyse the pattern, work out which garbled chunk means up, down, left, right, etc. and blast the airwaves with copies until the drone responds.

    It'll also be possible to perform a key attack in the manner that we used to do with stuff like Airopeak and WLANjack (as mentioned in comments further up here), modified to be more focused on drone signals.

  3. Drew 11

    Do these drones have a "goto" command?

    Video 50 drones all trying to land in the same spot and you've got viral youtube on your hands.

    1. Rich 11

      I expect the soundtrack would be the 1812 Overture.

      1. Halfmad

        slowmo guys could make a fantastic video of drone bits flying off.

  4. Andy 73 Silver badge

    At a rally somewhere..

    "It's ok chief, we've got you covered. Not a single threat can get in"

    "What sort of thing are we talking about?"

    "Oh, you know, drones!"

    "Drones? Those military bastards!"

    "Uh, no.. like, kids drones. They can carry a mean GoPro"

    "Oh.. I see. What about grenade launchers? Guns? Trucks running through crowds?"

    "What?! That's a hardware problem! We're here to ensure no-one can take an evil selfie!"

    1. Cuddles

      Re: At a rally somewhere..

      "Uh, no.. like, kids drones. They can carry a mean GoPro"

      "Oh.. I see. What about grenade launchers? Guns? Trucks running through crowds?"

      "What?! That's a hardware problem! We're here to ensure no-one can take an evil selfie!"

      That hardware problem has already been solved - http://www.bbc.co.uk/news/technology-38663394, and that's not counting the hundreds of videos doing the rounds of various people attaching guns and the like to drones just for fun. A lot of people love to dismiss any and all drones as just toys, but there is not just obvious potential for harm, they're already being actively used for it. Trying to come up with ways to prevent that doesn't seem particularly worthy of mockery. Sure, it might not be the worst problem in the world today, but the problem is there so why not try to fix it before it becomes a bigger one?

      1. Andy 73 Silver badge

        Re: At a rally somewhere..

        So a drone comes over that's been modified in an unknown way, and the first thing you want to do is mess with it's radio signal? Isn't that rather like the bomb squad myth that someone goes in and cuts the green wire?

        Back in the real world, I would have thought a serious threat would more likely be shot out of the sky.

        1. allthecoolshortnamesweretaken

          Re: At a rally somewhere..

          "Isn't that rather like the bomb squad myth that someone goes in and cuts the green wire?"

          Yeah, that's just an urban myth.

          It's always the blue wire.

      2. Tikimon
        WTF?

        Re: At a rally somewhere..

        "but there is not just obvious potential for harm, they're already being actively used for it."

        Can you cite a case where such a modified drone has been deliberately used to harm someone? News link to "Man shot by gun-carrying drone!"? I suspect not.

        Making something able to shoot projectiles does not equate to "actively used for harm." Someone put a chainsaw on a drone, but nobody's been killed with it yet. There are groups who arm radio-control ships with projectile guns and have naval battles. Radio-control aircraft have been capable of firing rockets for decades and are demonstrated at meets. No "active harm" in any case.

        I make a plea for perspective and proportional response. Panic over every crazy hobbyist project is not useful and ruins the fun for the rest of us.

        1. vir

          Re: At a rally somewhere..

          Probably not something most of us have to worry about, but even a Phantom can carry enough explosives to kill a few people:

          https://techcrunch.com/2016/10/13/how-consumer-drones-wind-up-in-the-hands-of-isis-fighters/

        2. Black Betty

          Re: At a rally somewhere..

          but, but they did it on Hawaii Five Oh, so it must be true.

        3. Cuddles

          Re: At a rally somewhere..

          "Can you cite a case where such a modified drone has been deliberately used to harm someone? News link to "Man shot by gun-carrying drone!"? I suspect not."

          Perhaps if you bothered reading the post you quoted, you'd have noticed that I already did.

          @Andy 73

          "So a drone comes over that's been modified in an unknown way, and the first thing you want to do is mess with it's radio signal? Isn't that rather like the bomb squad myth that someone goes in and cuts the green wire?

          Back in the real world, I would have thought a serious threat would more likely be shot out of the sky."

          If you have a choice between disabling it in a harmless way by taking control of it yourself, or even by simply preventing it from being controlled at all while still a good distance from any target, why on Earth would you not choose to do that and instead start wildly firing live ammunition into the air?

          1. Andy 73 Silver badge

            Re: At a rally somewhere..

            "If you have a choice between disabling it in a harmless way by taking control of it yourself, or even by simply preventing it from being controlled at all while still a good distance from any target, why on Earth would you not choose to do that and instead start wildly firing live ammunition into the air?"

            You're assuming that sending radio signals to a modified drone will do what you expect. Most drones can fly predefined paths, so don't need continuous control. Any attempt at signalling to them could have completely unexpected results - a weapon could be tied to any given behaviour so 'safely' stopping it involves double guessing that behaviour. Will it drop a grenade if you ask it to slow down, speed up, lower altitude, gain altitude, fly north?

            I won't go into the ways a consumer drone can be modified, nor the challenges of gaining access to it "while still a good distance from any target". The operational issues with telling a flying bomb to be harmless are immense.

  5. Doctor Syntax Silver badge

    It sounds useful for keeping airport approaches drone free.

    1. Crazy Operations Guy

      My city's airport has been experimenting with birds-of-prey to keep drones out of the way of aircraft. They already use such birds to keep other birds off the airport grounds, so its just a matter of training them to hunt drones as well. A Phantom Drone is no match for a bird that can pick up and eat a grey wolf...

      1. Anonymous Coward
        Anonymous Coward

        But unlike birds, drone can move like helicopers, meaning they can move sideways, and it's hard to correct a dive against that kind of movement. Even if you're powerful enough to pick up a grey wolf, you might have trouble with creatures like deer that have great lateral agility.

  6. Peter Christy

    I suspect that the "poor quality" of the "encryption" used in drones - or indeed any radio controlled aircraft - is more to do with the need to avoid latency at all costs rather than anything else.

    You don't want the control system lagging half-a-second behind the pilot. That way lies disaster.....!

  7. David Pearce

    They probably just a simple block cypher to encrypt each command. The problem with cyclic algorithms is that in an error prone environment you get error multiplication and slow re-syncronisation

  8. Jason Bloomberg Silver badge

    "They [drone-makers] are not making it NSA-proof"

    But is that a real necessity?

    Encryption on drones is probably to make hijacking less likely or accidental rather than prevent it entirely.

    Looking around my office I don't think there is anything which is NSA-proof. I imagine the radio controlled clock could be fooled by someone with a 60kHz transmitter faking a 'Rugby' MSF time signal. I imagine that could make me late for an important meeting and ruin my life but I am not convinced it really needs to be made NSA-proof.

  9. allthecoolshortnamesweretaken

    Will it work on a Predator, Reaper or Global Hawk? I'm asking for a friend.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like