If tech builds it, hackers will be exploit it, and whilst this isn’t a new thing for drones, the new malware that can cause a hacker to be able to take control of a drone mid-flight is a next level for the tech. Welcome to every Sci Fi film’s nightmare. As the shine starts to wear off, as with other new technologies, we’re realising that security in these new devices is more important than ever.
Security expert Rahul Sasi has discovered and exploited a back door vulnerability in the Parrot AR drones – this means he can hijack them remotely using the malware Maldrone. This isn’t the first time drones have been infected – several years ago a virus got into a whole US fleet of drones! – but it seems that it’s the first time it’s heading straight for the autonomous decision-making units (the brain bit) so hackers can remotely control the drone, and also the first malware that’s designed to work across drone types – he’s done proof-of-concept on Parrot drones but is also looking at trying it on a DJI Phantom as well.
It’s the first backdoor malware written for the AR drone ARM Linux system, and the code – written by Sasi – has the power to compromise every drone on this system. It could cause the drone to fall out of the sky. The malware could literally interrupt the drone as it was flying, cause it to stop working, and then take control of it before it hits the ground. That is mind-bogglingly terrifying. In his blog post Sasi explains:
“In this we would show infecting a drone with Maldrone and expecting a reverse tcp connection from drone. Once connection is established we can interact with the software as well as drivers/sensors of drone directly. There is an existing AR drone pioloting [fusion_builder_container hundred_percent=”yes” overflow=”visible”][fusion_builder_row][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][sic] program. Our backdoors kills the auto pilot and takes control. The Backdoor is persistent across resets.”
This method is also different to previous attacks because it’s able to bypass authentication mechanisms and doesn’t limit its mischief to interface with the signals sent by the command infrastructure. He says that because Maldrone is a payload, not an exploit, it could also team up with the Skyjack attack in a way that would provide a backdoor for the vulnerability.
The security of drones is massively and terrifyingly important – partly because no one really wants to be hit by a drone that’s falling out of the sky, and partly because of the ways that it could be used: for spying, for example, or being turned into war machines. Even re-routing expensive delivery packages would be pretty frustrating – I know I get a rage on when my parcel is a day late, let alone my extremely important delivery of season two of Game of Thrones being diverted forever.
So, this could be a terrifying look into the future of drones. The good news – if you’re a drone owner – is that it’s still limited, and you have to be pretty close to the drone to use Maldrone. What we need to do with drones – as with any other emerging tech – is make sure we’re doing everything we can to protect them, and to build security against potential threats from the ground up: making sure that we stay one step ahead, and at least several metres above!