Hijack Nearly Any Drone MID-FIGHT Using ICARUS Gadget

 
 
Security researcher Jonathan Andersson has devised a small hardware dubbed "ICARUS" that can hijack a variety of popular drones mid flight allowing attackers to lock the owner out and give them complete control over the device.

Andersson who is the manager of Trend Micro's TippingPoint DVLab division demonstrated this new hack at this year's PacSec security conference in Tokyo, Japan on Wednesday.

Besides Drones the new gadget has the capability of fully hijacking a wide variety of radio controlled devices including helicopters, cars, boats and other remote control gears that run over the most popular wireless transmission control protocol called DSMx.

DSMx is a protocol used to facilitate communication between radio controllers and devices including drones, helicopters, and cars.

This is not the first hardware that can hijack drones mid fight. There are jamming devices available in the market that block controlling radio signals and render a drone useless. However these devices do not give you control like Icarus does.

Icarus works by exploiting DMSx protocol granting attackers complete control over target drones that allows attackers to steer, accelerate, brake and even crash them.

The loophole relies on the fact that DSMx protocol does not encrypt the secret key that pairs a controller and hobbyist device. So it is possible for an attacker to steal this secret key by launching several brute force attacks, Andersson explained in his presentation.
 
Once the drone hijacker, Icarus box, grabs the key an attacker can send malicious packets to restrict the original owner of the drone from sending legitimate control commands. Instead the drone will accept commands from the attacker.
 

There's little to be done to mitigate this issue and affected manufacturers are releasing patches and updated hardware and securing the industry wide encryption protocol in future drones.

My guess is that it will not be easy to completely remedy the situation. The manufacturers and partners in the ecosystem sell standalone radio transmitters models of all kinds transmitters that come with models and standalone receivers, Andersson told Ars Technica.

Only a certain set of standalone transmitters have a firmware upgrade capability though the fix is needed on the model/receiver side. Icarus has not been made available for sale but this kind of gadget could benefit law enforcement as well as people who are worried about their safety and privacy.

No comments:

Post a Comment