Hijacking drones with malware

A recent incident at the White House showed that small aerial vehicles (drones) present a specific security problem.

While in this particular case the actual danger turned out to be non-existent, the fact that these devices can be hijacked and misused for malicious purposes is something that the manufacturers will have to think about very soon.

“There are over 70 nations building remotely controllable drones. Most of these drones are capable of making autonomous decisions,” says Rahul Sasi, a security engineer at Citrix R&D, who’s scheduled to talk about drone security and demonstrate possible methods for drone hijacking, including an attack with MalDrone (a.k.a. Malware Drone), at the Nullcon conference in February.

“Countries buy drones from their neighbors. What are the possibilities that there could be a backdoor in the drone you bought. What are the possible ways you can backdoor a drone. What would be the impact if a security issues is found in a computer devices that make decisions of their own.”

Sasi created MalDrone, the first backdoor malware for the AR drone ARM Linux system, to target Parrot AR Drones, but says it can be modified to target others as well.

The malware can be silently installed on a drone, and be used to control the drone remotely and to conduct remote surveillance.

More information about the malware can be found here, and Sasi has also filmed a demonstration of the hijacking:




Share this