Security researchers have discovered a weakness in off-the-shelf aerial drones that could potentially carry nefarious payloads, which could allow law enforcement officials to take control of the unmanned crafts in mid air.
The Parrot AR drone tested is a freely available, off the shelf quadrocopter equipped with a high definition camera and controlled via a WiFi connection, the researchers from Australia’s Edith Cowan University (ECU) wrote in report, titled “Towards detection and control of civilian unmanned aerial vehicles.”
Researchers found it was susceptible to what they called “de-authentication attacks,” that would allow control to be taken over while it was airborne. They said that it was possible to hijack the drones’ WiFi connection from a laptop running the right software. Parrot AR drones, available for about $300 at stores like Toys”R”Us and Amazon, are controlled via a smartphone or tablet applications.
The researchers said that drones like the ones they investigated have seen an enormous increase in popularity in recent times. These type of drones are increasingly used, according to the researchers, for crop dusting, commercial photography, biological studies and weather reporting.
“The misuse of small UAV’s such as the Parrot by criminal or terrorist elements is a potential threat to critical infrastructure,” the report concluded. “This is due to their low cost, wide availability, operability in unrestricted airspace and the ability to carry a small but dangerous payload.”
Though this weakness can be used for law enforcement to prevent criminal and terrorist activities with similar devices it also sheds more light on the vulnerability of radio and other devices that use cellular communication systems, Bluetooth™ keyboards, RFID/NFC devices (contactless communications), WiFi, and Radio Data Systems (RDS). Much like firmware many of these devices were not built with security in mind and are the ultimate in convenience for eavesdroppers seeking confidential information.