Via Forbes – With so many reports of poor security on consumer drones, UAV enthusiasts would be forgiven for thinking manufacturers would have added mitigations against the most basic attacks. But, looking at one particularly popular model of drone, such hopes might be misplaced.
Earlier this month, the U.S. government-sponsored Carnegie Mellon Computer Emergency Response Team was compelled to put out a warning on the DBPOWER Quadcopter, which was vulnerable to a rudimentary attack that allowed anyone within range of the drone’s Wi-Fi connection to take it out of the sky. The researchers who uncovered the bug, from the Cyber-Physical Systems Security Lab at University of Texas at Dallas, put together a video for Forbes showing how they quickly obtained root access to the quadcopter and cut its power.
The Chinese-made drone is currently listed as a best seller at $140 on Amazon (though it’s been reduced to $80). It contained a number of worrying vulnerabilities, according to UT Dallas researcher Junia Valente.
“The device contains an open access point not protected by any password and a misconfigured FTP [file transfer protocol] server that allows unauthorized users to read and write to the drone filesystem,” Valente said. “One of the attacks we did was precisely to overwrite sensitive system files to gain full root access.”
She explained that the misconfigured FTP access allowed the researchers to overwrite a system file to remove the password for the root user. That gave them complete control of the drone and allowed them to shut the power off, preventing the drone owner from controlling their flying machine with the system’s proprietary smartphone app.
As the drone could take photos and record videos, a malicious hacker could also download the footage without the victim ever knowing, Valente noted.
Source | Forbes
ABOUT THE UT DALLAS COMPUTER SCIENCE DEPARTMENT
The UT Dallas Computer Science program is one of the largest Computer Science departments in the United States with over 2,100 bachelor’s-degree students, more than 1,000 master’s students, 150 PhD students, and 86 faculty members, as of Fall 2016. With The University of Texas at Dallas’ unique history of starting as a graduate institution, the CS Department is built on a legacy of valuing innovative research and providing advanced training for software engineers and computer scientists.