Security researcher makes drone “drop like a brick” from the sky

After PCs, mobile phones, cars, and other gadgets, it now seems to be the turn of hackers to break into drone software in a bid to take malware aerial.

Security engineer Rahul Sasi explained in a post, Maldrone the First Backdoor for drones, that could be used to infect a Parrot AR.Drone with malware within wireless range and make it ''drop like a brick.''    

But the infection need not be limited to Parrot AR.Drones and theoretically an attacker could also take control of any drone with an ARM processor and Linux-based operating system and then use it for surveillance.

Sashi plans to present Drone Attacks: How I hijacked a drone on 6 February at Nullcon in India. ''Once my program kills the actual drone controllers, it causes the motors to stop and the drone falls off like a brick,'' Sasi said. ''But my backdoor instantly takes control, so if the drone is really high in the air the motors can start again and Maldrone can prevent it from crashing.''

According to Sasi, SkyJack and Maldrone could be good buddies, the difference being that ''SkyJack is an exploit'' for the Parrot AR Drone and ''Maldrone is the payload.'' So once vulnerability to hack a drone was exploited, a hacker could ''install Maldrone as a backdoor.'' Sasi added that his ''backdoor kills the autopilot and takes control.''

Meanwhile ZD Net reported that the use of drones, or unmanned aerial vehicles (UAVs), had expanded into the commercial consumer sector within the past few years and relatively cheap to produce, tiny, personal UAVs could be purchased and used for a variety of purposes -- from advanced photography to capturing sporting action.

"In this we would show infecting a drone with Maldrone and expecting a reverse tcp connection from drone. Once connection is established we can interact with the software as well as drivers/sensors of drone directly. There is an existing AR drone piloting program. Our backdoors kills the autopilot and takes control. The Backdoor is persistent across resets."

Sasi says in an educational demo video explaining the security vulnerability that the malware was silently installed on a drone and allowed hackers to control the device remotely – and  conduct surveillance. According to the security researcher,  "There are over 70 nations building remotely controllable drones. Most of these drones are capable of making autonomous decisions. Countries buy drones from their neighbours. What are the possibilities that there could be a backdoor in the drone you brought? What are the possible ways you can backdoor a drone? What would be the impact if security issues are found in computer devices that make decisions of their own?"