Citrix engineer, Rahul Sasi has found and exploited a backdoor in Parrot Drones (AR). The parrot hack allows the flying machines to be remotely hijacked.
The Hobby hacker developed what he said was the first malware dubbed Maldrone which exploits a new backdoor in the drones.
Rahul said the backdoor could be exploited for any Parrot drone within wireless range.
“Once my program kills the actual drone controllers, it causes the motors to stop and the drone falls off like a brick,” Sasi was quoted as saying.
“But my backdoor instantly takes control so if the drone is really high in the air the motors can start again and Maldrone can prevent it from crashing.”
Sasi’s research will be presented at Nullcon in the next couple of weeks, this could give attackers control of drones or access to on-board video feeds. The code involved is different to previously disclosed attacks in that it bypasses authentication and does not simply rely on cutting and then commandeering wireless connections.
Sasi said it could be combined with something called the Skyjack attack to make the backdoor wormable (able to be installed and then spread).
Parrot’s drones already expose a “high level” API (Application Program Interface), Sasi said, which allows control via AT (Attention) commands. Even though the API could be used to attack drones, Sasi persevered in finding explicit backdoors in the machines.
The engineer spent five months reversing the proprietary AR Drone program.elf and developing Maldrone and would, over the following year, attempt to hack industrial drones.
He said manufacturers should conduct security audits for drone software and noted Maldrone would need to be reworked to attack other drone makes.
Many people think of hackers as shadowy deviants who spend their whole lives trying to bring misery to others. I believe the world needs more hackers, as, without them, we would not realise how open to attack we are and thus change said vulnerabilities.