Maldrone: Malware which hijacks your personal drone

Researchers discover a backdoor in the widely available drones that lets anyone hijack it

Welcome to the world of Internet of Things where the malwares, trojans and backdoors are no longer limited to PCs, mobile devices, corporate networks but can be found in your daily use electronic items and toys. Researchers have found that one of the favourite toys of our generation, the consumer drone has a backdoor which can be used to hijack it.

Consumer drones

Drones or unmanned aerial vehicles (UAVs) have moved from being a military toy to commercial consumer sector within the past few years. Companies find it relatively cheap to produce, tiny, personal UAVs and it can be purchased by anybody save in select countries where drones are banned due to security reasons.  The commercial drones are used for variety of purposes like advanced photography,  capturing sports, hobby and even pizza delivery.

A French company Parrot has been relatively successful company which markets AR Drones.  Now a Indian security researcher Rahul Sasi has discovered a backdoor in the AR Drones.  This backdoor has been exploited by him to create a malware called Maldrone. Parrot’s the AR quadcopter helicopter drone which is controllable via smartphone, tablet, Nvidia Shield console and Epson Moverio display, among others has been demonstrated by him to be vulnerable to a newly-created malware Maldrone.

 “In this we would show infecting a drone with Maldrone and expecting a reverse tcp connection from drone. Once connection is established we can interact with the software as well as drivers/sensors of drone directly. There is an existing AR drone piloting program. Our backdoors kills the autopilot and takes control. The Backdoor is persistent across resets.”

Rahul says the malware is silently installed on a drone, and allows hackers to control the device remotely and conduct surveillance.  He has released a demo video of Maldrone

Rahul has stated that the backdoor may be existing on most of the drones available in the market, “There are over 70 nations building remotely controllable drones. Most of these drones are capable of making autonomous decisions. Countries buy drones from their neighbors. What are the possibilities that there could be a backdoor in the drone you brought? What are the possible ways you can backdoor a drone? What would be the impact if security issues are found in computer devices that make decisions of their own?”

The discovery of the backdoor in a drone can be a big problem because drones can be used for horrible things if controlled by cyber criminals and terrorists. Remember drones are not only great hobby or past time anymore, they are flying weapons in wrong hands.

LEAVE A REPLY

Please enter your comment!
Please enter your name here