Discussing Hacking Techniques for DJI Drones at 315 Evening Gala

This year’s 315 Evening Gala exposed six categories of smart hardware or technology-related products, including drones, smart buildings, smart homes, security cameras, card POS machines, and smart cars. Among them, the DJI drone was showcased as a case of being hijacked by hackers in the information security segment. According to reports from CCTV, under the control of hackers, the DJI drone flew away from its owner’s control, allowing hackers to manipulate it. This revelation sparked discussions about drone security issues.

Discussing Hacking Techniques for DJI Drones at 315 Evening Gala

Discussing Hacking Techniques for DJI Drones at 315 Evening Gala

Similar problems have also been reported in the United States. Researcher Nils Rodday found that a certain type of drone valued between $30,000 and $35,000, used by the U.S. government, has serious security vulnerabilities that can be hacked from about a mile away, allowing control to be taken or even causing the drone to crash.

In simple terms, Rodday discovered that the wireless connection of the drone has security flaws. He only needs a laptop and a cheap RF chip to take control. Since the communication between the drone and its control module—the telemetry system—is unencrypted, hackers can reverse-engineer the flight control system, impersonate the controller, and send flight commands while also blocking the legitimate owner’s instructions. By exploiting the vulnerabilities, hackers can inject software packages, change waypoints, modify flight data, and reset return-to-home points. “Whatever the original owner can do, you can do too.”

Discussing Hacking Techniques for DJI Drones at 315 Evening Gala

Nils Rodday and the police drone he ‘hijacked’

Such “good news” certainly cannot be shared casually. Rodday, who is currently working for IBM, demonstrated his research findings at the RSA Security Conference, and due to the sensitivity of the matter, he did not disclose which drone model it was. The drone’s manufacturer also signed a non-disclosure agreement with him, allowing him to continue testing. However, he hinted that the vulnerable drones have already been deployed to police and fire departments and can also be used in industrial scenarios, such as inspecting power facilities and wind turbines.

For Rodday, he is more concerned about the security vulnerabilities of drones, and he believes that other high-end drones are likely to have similar vulnerabilities. The drone he studied has two serious security issues. One is that the Wi-Fi connection between the telemetry module and the user control tablet uses weak encryption methods like WEP, which have been easily broken for a long time.

More seriously, the connection between the telemetry module and the drone itself uses an even weaker wireless protocol, with chips that are Xbee chips. These chips are typically used in mesh networks and, although they have some encryption measures, to reduce latency when sending commands to the drone, encryption is usually not utilized, making the drone susceptible to man-in-the-middle attacks. Moreover, interceptors can be up to a mile away, sending commands to the module and drone, changing the path of data packets in the network, thus establishing communication between the drone and the interceptor, ignoring the original operator’s commands.

Rodday has reported the vulnerabilities to the manufacturer, who has promised to issue patches. However, fixing drones that have already been sold is not straightforward because they are not connected to the internet and cannot be updated like we usually do. Even if users are willing to go through the hassle of downloading updates and installing them, this could slow down the drone’s response time to commands, which is something both manufacturers and users want to avoid. The best solution would be to add a chip specifically for handling security issues.

Although addressing these issues is quite troublesome, this is not the first time we have encountered such situations. In 2013, Samy Kamkar discovered that Parrot drones had no security measures for their wireless connections. He even created a Skyjack drone equipped with a Raspberry Pi that could intercept other drones in the air.

The communication vulnerabilities in drones are likely to be a widespread problem. The next time you lose a drone, in addition to considering a malfunction, you might wonder if it has been hijacked.

Fortunately, the vulnerabilities were discovered by “white hat” hackers.

In fact, the vulnerability exposed by CCTV was discovered as early as last October during the GeekPwn hacking competition, where a hacker contestant used wireless signal hijacking techniques to intervene and gain control of the DJI drone, successfully hijacking the drone and making it take off automatically without the remote control being manipulated. For those interested in this technical issue, you can refer to 《[Popular Science Article] What is Network Traffic Hijacking? Unveiling and Explaining Hacking Hijacking Techniques and Defense Methods (Part One)》.

Discussing Hacking Techniques for DJI Drones at 315 Evening Gala

The DJI drone taking off under the operation of the judge “Eagle” at GeekPwn

Discussing Hacking Techniques for DJI Drones at 315 Evening Gala

Contestants at GeekPwn using wireless hijacking techniques to gain control of the drone from “Eagle”

GeekPwn is the world’s first security geek (hacker) competition platform focusing on smart living, initiated by Wang Qi, the founder of the top domestic security team Keen Team (known in the industry as the “Big Frog”), and has been successfully held twice since 2014. In the last edition, in addition to DJI drones, over 40 smart hardware products, including cameras, routers, and smartphones, were compromised, including the 360 smartphone launched by 360, which focuses on security. The purpose of this competition is to use hacking techniques to counter security vulnerabilities, discovering vulnerabilities through technical means to ultimately improve product performance and security. Regarding the hijacking of DJI drones, if you understand wireless hijacking techniques, the core vulnerability of such hijacking incidents lies in the insecurity of Wi-Fi. Wi-Fi routers can be easily hacked. The best way to avoid hijacking is to encrypt control signals.

According to subsequent reports from CCTV and responses from DJI, DJI promptly conducted firmware upgrades months ago after the vulnerabilities were exposed, which is consistent with the host’s statement that “the security vulnerabilities have been submitted to the relevant manufacturers and have been patched.” Currently, users of all DJI drone models can eliminate this risk as long as they ensure that their firmware is updated to the latest version.

Furthermore, CCTV’s report is not intended to suppress smart hardware products, but to remind the public of the security risks involved. As DJI stated in its immediate response, “CCTV showcased the potential security risks of various smart devices, including drones, to the national audience, allowing people to understand that the smart devices surrounding us day and night are also a double-edged sword. The short film broadcast during the 315 Evening Gala prompted many consumers who were immersed in enjoying the benefits of smart devices to begin reflecting calmly, which is a good start.”

DJI also stated that it has taken various measures to ensure the flight safety of its drones, including continuously updating and iterating its globally leading flight control system, implementing an effective internal security supervision system, and promoting flight safety knowledge to users through multiple channels.

There is no such thing as “absolute security” in this online world.

Anyone who has studied computer science knows that there is no absolute security in the online world. As Wang Qi said in the program, “Many devices are intelligent simply because they have added a network control function, which essentially makes it convenient for users to control remotely. However, once these devices have security vulnerabilities, malicious attackers can also exploit these vulnerabilities from a distance.” Many times, as we walk into convenient entrances, we also walk onto a more dangerous path. CCTV’s report is actually a warning to us that this path is not safe.

Of course, there is no need to overly amplify the associated risks. Unless there is profit to be made, hackers will not easily launch an attack without value. Moreover, for drones, if they are attacking the Wi-Fi router, there are distance limitations, and it is impossible for someone far away to suddenly control your drone. Nonetheless, it is very necessary to take precautions for our personal information security, and product manufacturers need to increase their investment in security.

We look forward to these hackers discovering vulnerabilities in drones and other products, as only by doing so can these manufacturers identify and promptly address issues. In this ongoing game of cat and mouse, information security issues will gain higher importance, and our information will be better protected.

The following is the full statement from DJI, which I believe is quite reasonable:

On the evening of Consumer Rights Day, DJI Innovation was pleased to see CCTV showcase the potential security risks of various smart devices, including drones, to the national audience, allowing people to understand that the smart devices surrounding us day and night are also a double-edged sword. The short film broadcast during the 315 Evening Gala prompted many consumers who were immersed in enjoying the benefits of smart devices to begin reflecting calmly, which is a good start.

Drones are a special type of smart hardware device that not only communicate closely with the operator but also interact in real-time with their flying environment. Therefore, compared to other smart devices, the safety of drones is of greater concern. As a leading global consumer drone company, DJI has always placed flight safety at the highest priority, with related efforts including continuously updating and iterating its globally leading flight control system, implementing an effective internal security supervision system, and promoting flight safety knowledge to users through multiple channels. Through these efforts, the safety guarantee of DJI products aligns with the brand’s reputation and influence among global consumers.

Regarding the possibility of drones being “remotely taken over,” DJI resolved this potential security vulnerability months ago through firmware upgrades. This is consistent with the host’s statement that “the security vulnerabilities have been submitted to the relevant manufacturers and have been patched.” Currently, users of all DJI drone models can eliminate this risk as long as they ensure that their firmware is updated to the latest version.

As the host stated, “From a technical perspective, there is no absolute security in this world.” The security of smart devices requires strict oversight from manufacturers, as well as a rational understanding from society as a whole. As the leader in the global drone market, DJI must strictly regulate itself and let its actions speak for themselves to ensure that consumers can purchase confidently and fly safely.

Finally, we thank this year’s 315 Evening Gala for providing a risk prevention awareness lesson to users of smart hardware devices.

Source: EET Electronic Engineering Magazine

Daily updates on drone news and insights!

Long press the QR code to follow us!

Discussing Hacking Techniques for DJI Drones at 315 Evening Gala

Leave a Comment