This is serious.
This week at the PacSec security conference in Tokyo, researchers unveiled a new device that is capable of fully commandeering radio-controlled drones by exploiting a vulnerability in the frequency-hopping systems drone makers use to obfuscate and protect their radio communication. While the device isn’t available for sale, other hackers may soon find the vulnerability too, Ars Technica reports.
And as was demonstrated earlier this month at a day-long workshop at the U.S. Federal Trade Commission on the security and subsequent privacy questions raised by drones, FTC researchers were able to hack into three different off-the-shelf drones. They took over the camera feed on each one; for two of the drones, they were able to turn off the aircraft to make it fall from the sky and seize complete control of the flight path.
A representative from DJI noted the aircraft the FTC used to demonstrate the hack, the Parrot AR, was released in 2010 and that manufacturers have since taken measures to better secure drones, like encrypting the control link to prevent hijacking, and measures to prevent GPS tampering.
But at the moment, as with all connected devices, there aren’t clear rules about what manufacturers need to do to secure drones to prevent them from being tampered with by malicious hackers.
The FTC is soliciting comments from the public on the consumer privacy and security implications of drone technology until Nov. 14.
Recode asked to obtain the research presented at the FTC event or for information on the specific drones they were able to hack, but the agency requested a Freedom of Information Act letter be submitted, which is now pending fulfillment.