A security researcher from IBM has said that a $21,700 police drone used for surveillance, can be hacked with a $40 kit.

Vulnerabilities of the flying machine allow it to be controlled or knocked out of the sky within a mile of range. Findings will be presented at the RSA security conference in San Francisco on Wednesday.

Several countries are already using drones as part of their security equipment. Nils Rodday, who works at IBM, conducted a research at the Netherland’s University of Twente to determine if those aerial vehicles were safe enough to prevent a hacking attempt.

Photo: The Higher Learning
Photo: The Higher Learning

Mr. Rodday selected an unmanned aerial vehicle (UAV) which is currently used by the Dutch police for some surveillance tasks. Results would appear to show that it is actually possible to start the drone’s engine, control its camera and crash it till it does not work, within a mile of range.

The drone’s developer has been notified about the vulnerabilities. However, Rodday said to Wired magazine that solving the problem would no be easy since the drone would require a major hardware update. 

The selected drone costs about $21,700 and it has eight rotors, that allow it to carry loads of up to 6.4 lb. Moreover, it can stay airborne for more than 30 minutes. It was reported that the drone’s manufacturer provided Mr. Rodday with a machine, but he is not permitted to disclose its name.

Explaining the hacking

The $40 hacking kit consists of a telemetry module fitted with a Xbee radio chip, developed by Digi International. According to the BBC, the module converts Wi-Fi commands generated by a computer software, into frequency radio waves that are transmitted to another Xbee chip installed on the drone.

It appears that after the security expert intercepted the Wi-Fi connection of the drone, it was “relatively easy” to transmit his own orders to the flying machine. He wrote in his thesis that preventive security measures can be developed to avoid such hacking attempts, but it would only be possible with the implementation of better hardware that would increase the costs of manufacturing.

“That a engineering student could demonstrate how to hack and take control of a larger commercial UAV as part of his masters degree shows both the infancy of this technology and the potential risks presented by the proliferation of these devices,” said Prof David Dunn, from the University of Birmingham, according to BBC News.

Source: BBC News