Drones infected with malware can drop from the sky or be hijacked for surveillance

A security engineer infected a 'toy' drone with Maldrone malware, which creates a persistent backdoor, so an attacker can remotely control the infected drone, cause it to drop from the sky, or hijack it to conduct surveillance.

Parrot AR Drone can be infected with malware for surveillance
Credit: Jamie McCaffrey

You’re minding your own business, when something in the sky snags your attention. Is it a bird or a plane? Nope, it’s a drone falling out of the sky because it’s infected with malware.

Yeppers, “you read that right,” wrote security engineer Rahul Sasi regarding the title of his post describing “Maldrone—the first backdoor for drones.” Although he shows off the malware by infecting a Parrot AR.Drone within wireless range, making it “drop like a brick,” theoretically an attacker could also take control of any drone with an ARM processor and Linux-based operating system and then use it for surveillance. Peachy.

Sasi plans to present “Drone Attacks: How I hijacked a drone” on February 6 at Nullcon in India. “Once my program kills the actual drone controllers, it causes the motors to stop and the drone falls off like a brick,” Sasi said. “But my backdoor instantly takes control, so if the drone is really high in the air the motors can start again and Maldrone can prevent it from crashing.”

Sasi suggested SkyJack and Maldrone could be good buddies. The difference is that “SkyJack is an exploit” for the Parrot AR Drone and “Maldrone is the payload.” So once you exploit a vulnerability to hack a drone, that’s when you “install Maldrone as a backdoor.” He added that his “backdoor kills the autopilot and takes control.”

Oh, and the Maldrone “backdoor is persistent across resets,” meaning that resetting the drone to factory defaults will not remove the malware infection. The only way to get rid of the backdoor, according to Sasi, is to reinstall the drone’s original software.

Sasi’s backdoor can be silently installed on the “drone remotely, over a wireless connection, without the operator knowing. Once in place, an attacker can take control of the drone, perform remote surveillance using the drone's video camera, and possibly even spread itself to other drones, too.”

A drone infected with Maldrone can “intercept and modify data on the fly.” It can also connect to a “botserver and make it available for a botmaster.” It certainly sounds alarming that a botmaster can remotely take away control from the drone owner and then use that drone for something sinister like remote surveillance. It really makes you think when you consider that Sasi added, “There are over 70 nations building remotely controllable drones. Most of these drones are capable of making autonomous decisions.”

Sasi is interested in making his malware generic enough that it could be “cross-compatible with other drones;” he’s also working on infecting a DJI Phantom.

It's not the first time a drone has been infected, as James Halliday ("substack") created a “virus-copter.” He managed to take first place in the 2012 Drone Games held in San Francisco after he “wrote an insane virus that infects AR Drones, which then infect other AR Drones and causes them all to be p0wned and run amok.”

Also in 2012, for larger-scale drones, researchers warned that civilian drones were vulnerable to hackers and could be hijacked and used as missiles.

In 2013, security researcher Samy Kamkar came up with SkyJack, “a drone engineered to autonomously seek out, hack, and wirelessly take over other drones within Wi-Fi distance, creating an army of zombie drones under your control.”

Last month at Code Blue cybersecurity conference in Tokyo, Dongcheol Hong, hacker and CTO at SEWORKS mobile security company, demonstrated “how to ultimately compromise a drone by using drone's convenient features.” He added, “My malware, also known as HSDrone, enables itself to spread from one device to another and takes over privileges to compromise and control them.”

That bit of news flew completely under my radar, the same as the two-pound, two-foot drone flew under a White House radar system, crashed into a tree on the South Lawn, and caused a lockdown.

Drunk-flying under White House radar triggers DJI mandatory firmware update

The National Geospatial-Intelligence Agency employee’s drunk flying of a DJI Phantom 2 quadcopter prompted President Obama to call for more regulations. “The drone that landed in the White House you buy in Radio Shack," he said before referencing Amazon’s desire to use small drones to deliver packages in about 30 minutes. Hopefully Amazon would use a quadcopter manufacturer that applied security so that the software could not be replaced or infected with Maldrone.

Crashed DJI Phantom 2 quadcopter at White House
Credit: Jeremy Diamond

After its drone breached White House security, DJI, which makes the quadcopter, said it plans to release a mandatory firmware update that will prevent its devices from flying within 15.5 miles in all directions from the center of Washington DC; this serves as an extension of DJI’s No Fly Zone system, which uses the drone’s GPS location to prohibit flight near 10,000 airports, “sensitive locations and to prevent flight across national borders.”
