New Malware Can Bring Down Drones Mid-Flight

Maldrone bills itself as the “first backdoor for drones.” Developed by security researcher Rahul Sasi, this malware tricks a drone’s autonomous decision-making unit into handing over control to a hacker. Once the drone has been infected, that hacker can do anything from flying the drone to the destination of their choice to making the drone just drop out of the sky.

Sasi demonstrated Maldrone’s ability in a demo and outlined the specifics of the malware on a hacker forum.

This isn’t the first time someone’s developed malware for UAVs—it really isn’t—but it is unique for a few reasons. First of all, as Sasi himself points out, past malware targeted the drone’s API, whereas Maldrone goes straight for the brain—the autonomous decision-making unit.

And unlike past hacks that were specific to a particular make and model of drone, Maldrone is designed to work with any drone software. The demo shows the malware taking over a Parrot AR drone, but Sasi says he’s also implementing the malware on a DJI Phantom.

 Source: Gizmodo

3 comments

  1. Interesting attack vector. But despite the author’s claims, it is still specific to each type of vehicle and not generic to any drone. IOW, a hacker would have to reverse engineer the interfaces to the sensors and then write the interfaces to intercept that data for that drone. While he doesn’t actually seem to control the drone (i.e. he only intercepts the sensor data), he can make the pilot lose control by changing that data before it gets to the autopilot to confuse the autopilot. However, a real hack would also intercept the controls so it also had the ability to control the platform. It also requires an exploit to be available in order to install the malware package. There are exploits available for the Parrot and other systems so that is too difficult a feat.

    Still, this points to the need for greater security measures to protect drones from such hacks. His particular hack, modding program.elf, can be overcome using common code verification measures that would not be hard for manufacturers to implement.
