Michigan State University “hackers” say they have discovered a serious security vulnerability in drone camera systems through which an attacker can seize control of an aircraft from its pilot. So, is your DJI drone at risk?
According to a team of Spartan hackers, all it takes is two bright spots of light to trick drones into thinking they are heading for an obstacle.
This team, which attacks products “so their manufacturers can fix problems and protect consumers before somebody malicious takes advantage,” says it can essentially make drones hallucinate, which raises the question…
How does drone hallucination work?
Here’s how…
If someone were to shine bright lights, say from projectors or flashlights, into a drone’s cameras in a specific manner, the software would interpret the lights as a single obstacle in its path and engage the drone’s autonomous controls designed to avoid collisions. So, by adjusting the lights, the attacker would be able to control where this phantom object appeared to the drone and steer the vehicle.
“We can start manipulating the drone by controlling the angles and intensity of the light. By controlling the ‘object’ location, we can control in which way the drone moves,” explains Qiben Yan, an assistant professor of computer science and engineering.
In their experiments, Yan and his team were able to successfully target quadcopters equipped with ZED and Intel RealSense commercial stereo cameras from dozens of yards away. This distance, Yan stresses, is enough for would-be attackers to gain control of a drone and avoid being detected by its rightful operator.
“Imagine that an Amazon delivery drone is under such an attack,” Yan says. “Your packages would be effectively seized by the attacker, while the drone pilot has no idea why it’s happening.”
Is your DJI drone at risk of ‘light trick’ hacking?
DroneDJ contacted DJI to understand if their drones could be hacked in a similar manner. This is what Adam Lisberg, who heads North American communications for DJI, told us:
This paper describes a clever but limited method to fool the stereo vision system of a drone or other autonomous system. Executing it in the real world would require unobscured access to a nearby drone, precise movements of carefully calibrated lights, and a lot of luck.
We strongly object to anyone describing this lighting trick as “hacking” a drone – it can’t truly take command of a drone, it doesn’t put any drone data at risk, and it doesn’t penetrate DJI’s strong cybersecurity protections.
The researchers have conveyed their findings to our R&D team, and we will keep their work in mind as we continue developing the world’s safest, most capable, and most advanced drone flight systems.
Meanwhile, Yan also agrees that “light trick” attacks can be thwarted in a pretty straightforward manner. Countermeasures could include putting lens hoods over the drone’s cameras to block some of the light and updating the drone’s obstacle avoidance software.
“Once [drone manufacturers] know the existence of an attack, they can specifically tune their algorithms for defense,” Yan says. “We don’t think it’ll be very hard to do.”
Potential security threat for self-driving cars
While losing control of a drone isn’t great, Yan points out that this kind of vulnerability poses bigger and more serious questions about the potential safety of self-driving cars and trucks. If a larger autonomous vehicle could be manipulated in a similar way using low-cost light projectors, the risk of harm could be much greater.
Fortunately, autonomous vehicles use more sophisticated camera systems and more powerful software controls than commercial drones. But “it’s still good to test it,” Yan quips, adding that his colleagues have been in touch with vendors of commercial autonomous vehicles to run similar tests.
In the meantime, Yan does have some advice for Tesla owners:
Be vigilant and always keep your hands on the wheel.