University of Twente master’s student claims to be able to take over police dronesdro

At a security conference RSA in the United States, a former master’s student from the University of Twente demonstrated how he can remotely take over a drone worth tens of thousands of euros that is used by police forces, among others.

The German Nils Rodday, who now works at IBM but conducted his research in collaboration with KPMG at the University of Twente, does not mention in his presentation at the RSA Conference which drone he can take over and in which countries the police use these drones, but given the named Xbee module must concern European countries, because they work on frequencies that the police are only allowed to use in Europe.

Rodday lists two methods for taking control of the drone. The first is through the Xbee module in the drone controller on the ground. Rodday himself bought such a module to act as a man-in-the-middle. While Xbee’s can communicate securely, that feature is turned off on the drone to reduce latency, Wired writes.

A second attack method is via the tablet with which the pilot controls the drone. The communication between the drone and the pilot on the ground is via a WiFi connection that is secured via WEP, a WiFi protocol whose passwords have been known for years to be easy to retrieve. The attack therefore works by retrieving the password. Rodday found out the commands for the drone via the Android app, after which he can steer them himself and thus take over the controls.

It is unknown how many drones contain these vulnerabilities. Rodday received no response from flying machine manufacturers to his questions. The former master’s student of the University of Twente suspects that many more drones could be vulnerable. These vulnerabilities can be resolved with stronger Wi-Fi protocols and enabling encryption on the Xbee modules.