FTC hacked drones in privacy demo
- By Matt Leonard
- Jan 10, 2017
In a demonstration of security vulnerabilities in popular products, Federal Trade Commission researchers hacked into and took control of consumer-grade drones, according to Recode.
At a workshop in October, the researchers tested the AR Drone Elite Quadcopter from Parrot, the Hawkeye II 2nd FPV Motion Sensing Quadcopter from DBPower and the oneCase CX-10w made by Cheerson.
The researchers took control of video for all three drones and full operational control of two. “They were able to connect to one of the drone’s camera feeds from any computer, since the drone’s Wi-Fi access point wasn’t password protected,” Recode reported.
The ability to hack into consumer drones is no secret. On the Netflix myth-busting show White Rabbit Project, host Kari Byron spoke with a hacker who showed her how to take over a drone using a Raspberry Pi and a few lines of code.
In 2012, researchers from the University of Texas at Austin's Radionavigation Laboratory demonstrated for federal officials how it was possible to take over a military grade drone. “Each one of these could be a potential missile used against us,” UT Professor Todd Humphreys told Fox News after the demonstration. A cybersecurity researcher at the 2016 RSA conference explained how he hacked into a quadcopter of the sort used by police and fire departments across the country.
The technology company Department 13, meanwhile, is hacking drones in a slightly different way: post flight. It’s working with law enforcement agencies to gather metadata from drones used in criminal activity. The company bypasses drone encryption by extracting the encryption key from the drones’ memory.
Matt Leonard is a former reporter for GCN.