Cyber safety specialist hacked the drones

Indian cyber security expert Rahul Sasi (Rahul Sasi) was told about his way secretly to obtain full control of drones based on ARM Linux, steal them from the owner and even infect other drones, collecting thus the "zombie army". The results of the research he presented on January 26 in his blog.

According to the security officer of the Indian company Citrix Rahula Sasi, the threat of mass hacking of drones by real hackers. He found the vulnerability in operating systems on ARM based Linux is used in popular brands Parrot quadcopters and DJI Phantom.

In some drones, in particular, used a specialist Parrot a program of the autopilot enabled quadcopter in the air or moving it at the specified rate. Virus Maldrone (abbr. Malware Drone), developed by Sasi able to seize control of this program and to move the drone in any direction, potentially stealing it from the owner.

Maldrone drawback is that it requires a few moments to switch the control responsible for the navigation of the ports of the device itself. During this "intercepting" the drone's controller is disconnected and it falls straight down, so it can break if it is not high enough.

Approximately 70 countries produce drones on the radio. Most of these devices are able to make decisions independently. Other countries buy drones from their neighbors. What is the probability that the purchased can be a vulnerability? What are the methods of hacking a drone? What can happen if the vulnerability will find in the device, able to make decisions independently?

In 2013, the media reported the development of a hacker Samy Kamkar called SkyJack. By using specially crafted exploits the built in drone Parrot, Sammy learned to block the signal from the controller of the owner (iOS or Android), translating into traffic to certain MAC ports of drone victims. Even then drones Parrot was very popular: with the start of sales in 2010 sold more than half a million folks.

So Sammy could also take over the drone and steal it from the owner on the road "zombifying" the other "brothers", but the owner could regain control of the device. Rahul Sasi says it's an exploit can work in conjunction with SkyJack, only in this case to regain control of the drone is not possible without physical intervention.

Other technical details of its report, Rahul Sasi has promised to present at the conference on information security Nullcon, which will be held in early February in Goa.