Skip to main content

Can hackers seize control of your DJI drone with this trick?

Michigan State University “hackers” say they have discovered a serious security vulnerability in drone camera systems through which an attacker can seize control of an aircraft from its pilot. So, is your DJI drone at risk?

According to a team of Spartan hackers, all it takes is two bright spots of light to trick drones into thinking they are heading for an obstacle.

This team, that attacks products “so their manufacturers can fix problems and protect consumers before somebody malicious takes advantage,” says it can essentially make drones hallucinate, which begs the question…

How does drone hallucination work?

Here’s how…

If someone were to shine bright lights, say from projectors or flashlights, into a drone’s cameras in a specific manner, the software would interpret the lights as a single obstacle in its path and engage the drone’s autonomous controls designed to avoid collisions. So, by adjusting the lights, the attacker would be able to control where this phantom object appeared to the drone and steer the vehicle.

“We can start manipulating the drone by controlling the angles and intensity of the light. By controlling the ‘object’ location, we can control in which way the drone moves,” explains Qiben Yan, an assistant professor of computer science and engineering.

In their experiments, Yan and his team were able to successfully target quadcopters equipped with ZED and Intel RealSense commercial stereo cameras from dozens of yards away. This distance, Yan stresses, is enough for would-be attackers to gain control of a drone and avoid being detected by its rightful operator.

“Imagine that an Amazon delivery drone is under such an attack,” Yan says. “Your packages would be effectively seized by the attacker, while the drone pilot has no idea why it’s happening.”

Also read: Forget Amazon, Walmart’s 30-minute residential drone delivery service is now live

Is your DJI drone at risk of ‘light trick’ hacking?

DroneDJ contacted DJI to understand if their drones could be hacked in a similar manner. This is what Adam Lisberg, who heads North American communications for DJI, told us:

This paper describes a clever but limited method to fool the stereo vision system of a drone or other autonomous system. Executing it in the real world would require unobscured access to a nearby drone, precise movements of carefully calibrated lights, and a lot of luck.

We strongly object to anyone describing this lighting trick as “hacking” a drone – it can’t truly take command of a drone, it doesn’t put any drone data at risk, and it doesn’t penetrate DJI’s strong cybersecurity protections.

The researchers have conveyed their findings to our R&D team, and we will keep their work in mind as we continue developing the world’s safest, most capable, and most advanced drone flight systems.

Meanwhile, Yan also agrees that “light trick” attacks can be thwarted in a pretty straightforward manner. Countermeasures could include putting lens hoods over the drone’s cameras to block some of the light and updating the drone’s obstacle avoidance software.

“Once [drone manufacturers] know the existence of an attack, they can specifically tune their algorithms for defense,” Yan says. “We don’t think it’ll be very hard to do.”

Potential security threat for self-driving cars

While losing control of a drone isn’t great, Yan points out that this kind of vulnerability poses bigger and more serious questions about the potential safety of self-driving cars and trucks. If a larger autonomous vehicle could be manipulated in a similar way using low-cost light projectors, the risk for harm could be much greater.

Fortunately, autonomous vehicles use more sophisticated camera systems and more powerful software controls than commercial drones. But “it’s still good to test it,” Yan quips, adding that his colleagues have been in touch with vendors of commercial autonomous vehicles to run similar tests.

In the meantime, Yan does have some advice for Tesla owners:

Be vigilant and always keep your hands on the wheel.

Read more: Sweden escalates ‘drone hunt’ as more illegal flights are spotted over nuclear sites, palaces

FTC: We use income earning auto affiliate links. More.

DJI FPV discount sale
You’re reading DroneDJ — experts who break news about DJI and the wider drone ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow DroneDJ on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel.

Comments

Author

Avatar for Ishveena Singh Ishveena Singh

Ishveena Singh is a versatile journalist and writer with a passion for drones and location technologies. She has been named as one of the 50 Rising Stars of the geospatial industry for the year 2021 by Geospatial World magazine.


Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications