WIFI Security Vulnerabilities? SKYJACK
6230 50 2018-2-9
Hazy Jay
lvl.2
United Kingdom

Someone just posted in a group on Facebook a Cyber Security post for some academic research they are doing. As I am interested in cyber security anyway with a working knowledge of it I did a cursory search for hacking drones via skyjacking. I wasn't surprised to learn that the vulnerability lies within the WIFI of any target drone. The hacker forcefully disconnects your drone from the legitimate source of wifi and connects it to yours so you can effectively steal it or do what you want with it.

How secure is the Phantom 4 Pro against this sort of attack, or indeed, any other type of attack/hack?
2018-2-9
RedHotPoker
Captain
Flight distance : 165105 ft
Canada

I have not heard of anyone being affected by this piracy.

It's a non issue. Don't worry about the unknown... Only the police and military have this ability.

Besides, the sky is falling. Ha


RedHotPoker
2018-2-9
ALABAMA
First Officer
Flight distance : 10442687 ft
United States

I'm sure that drones are waaaayyy down on the list for that sort of hacking.
2018-2-9
Jeff Millard
Second Officer
Flight distance : 503635 ft
United States

RedHotPoker Posted at 2018-2-9 11:58
I have not heard of anyone being affected by this piracy.

It's a non issue. Don't worry about the unknown... Only the police and military have this ability.

But don’t worry, that cool gamer seat you ride in the new P5P+ has shock absorbers on it. ;-{)

Jeff
2018-2-9
Genghis9
First Officer
Flight distance : 961 ft
United States

While I'd call this threat plausible it is not very likely on any given basis or timeframe.
Unless you tend to fly regularly and frequently at the same place or area the mere fact that you move around and don't hold a regular schedule makes that kind of an attack difficult to pull off. In other words the attacker has to be in the right place at the right time with the right equipment ready to go in order to take advantage of the situation. While plausible it is not likely, at least not for your average hobbyist.
I would be suspicious of anyone hanging out at a fly club that does not seem interested in or actively involved in flying, but again the effort involved and planning necessary does not make that effort worthwhile.
All in all you need to be more concerned about a bird attack, running into a tree, or hitting a plane/helo, person, or property.
2018-2-9
RedHotPoker
Captain
Flight distance : 165105 ft
Canada

Jeff Millard Posted at 2018-2-9 13:04
But don’t worry, that cool gamer seat you ride in the new P5P+ has shock absorbers on it. ;-{)

Jeff

Mine would need the additional bumper guards. Haha

And an umbrella for those drizzle days of spring.


RedHotPoker
2018-2-9
RedHotPoker
Captain
Flight distance : 165105 ft
Canada

Genghis9 Posted at 2018-2-9 13:10
While I'd call this threat plausible it is not very likely on any given basis or timeframe.
Unless you tend to fly regularly and frequently at the same place or area the mere fact that you move around and don't hold a regular schedule makes that kind of an attack difficult to pull off.  In other words the attacker has to be in the right place at the right time with the right equipment ready to go in order to take advantage of the situation.  While plausible it is not likely, at least not for your average hobbyist.  
I would be suspicious of anyone hanging out at a fly club that does not seem interested in or actively involved in flying, but again the effort involved and planning necessary does not make that effort worthwhile.  

As well, We have seven kinds of flying bats here, and our moths can get very large too. Haha

But the worst thing you can hit are them dratted flying squirrels. ;-)


RedHotPoker
2018-2-9
Geebax
Captain
Australia

'How secure is the Phantom 4 Pro against this sort of attack, or indeed, any other type of attack/hack? '

The first thing is to understand that the P4 aircraft does not use WiFi at all. It has a radio connection of a proprietary nature (Not WiFi) connecting the aircraft to the RC unit. The RC Unit has no WiFi either. The only possible WiFi connection is the phone or tablet you use to control the operation, so if you disable WiFi on that device, there is no mechanism to hack into it.
2018-2-9
Matthew Dobrski
First Officer
Flight distance : 1831050 ft
Canada

Geebax Posted at 2018-2-9 18:20
'How secure is the Phantom 4 Pro against this sort of attack, or indeed, any other type of attack/hack? '

The first thing is to understand that the P4 aircraft does not use WiFi at all. It has a radio connection of a proprietary nature (Not WiFi) connecting the aircraft to the RC unit. The RC Unit has no WiFi either. The only possible WiFi connection is the phone or tablet you use to control the operation, so if you disable WiFi on that device, there is no mechanism to hack into it.

OK, it makes sense. Now, let's assume the following scenario:

1. DJI drone is up to date, flying just charmingly on my property, no issue whatsoever, no NFZ in 500 miles radius.

2. Traveling 1000 miles away into total wilderness, no NFZ in 500 miles radius (checked at home), no WiFi, no cellular, no humanoid even within VLOS ... and no flying also ... Aircraft Disconnected, no video feed, RTH auto-activated.

3. No luck with re-boot after landing, drone's blind.


4. Back-up drone is blind as well, disconnected.  

It's happened to me at least three times last summer in random places. Drove to nearest village and drone was back in order. Go figure.

The question is simple: how to avoid such a situation this coming season? Would disabling WiFi eliminate any ways of interference with my freedom to fly, besides obvious NFZ restrictions?




2018-2-9
Geebax
Captain
Australia

Matthew Dobrski Posted at 2018-2-9 19:10
OK, it makes sense. Now, let's assume the following scenario:

1. DJI drone is up to date, flying just charmingly on my property, no issue whatsoever, no NFZ in 500 miles radius.

Were these all P4 aircraft? All I can say is my P3P always flies without any cell, WiFi or anything, and it never has any issue.
2018-2-9
Matthew Dobrski
First Officer
Flight distance : 1831050 ft
Canada

Geebax Posted at 2018-2-9 19:36
Were these all P4 aircraft? All I can say is my P3P always flies without any cell, WiFi or anything, and it never has any issue.

No, only P3P and Inspire 1 Pro were "crippled" at random, but always both simultaneously. P4P+ - for a change - was constantly struggling with chaotic NFZ data at this time ...

I believe this was the result of somehow panic DJI response to FW hacking attempts, a thing of the past remaining as a mystery. Still, it was possible somehow. Again then, what must I do to cut this umbilical cord, temporarily at least for the period of my wilderness adventures with DJI drones?

Edit: is it possible that my iPad Air2 was somehow confused in the middle of nowhere, causing trouble with Go app?

2018-2-9
CraigR
lvl.3
Australia

The list of drones that are currently susceptible to "skyjacking" (either through hijacking of the control signal/wifi or through GPS spoofing) are:

* Phantom (all)
* Inspire (all)
* Mavic
* Breeze
* Typhoon
* Tornado
* Bebop
* AR.Drone 2.0

Many, if not all, drones can be hijacked quite easily
2018-2-9
Geebax
Captain
Australia

Matthew Dobrski Posted at 2018-2-9 20:22
No, only P3P and Inspire 1 Pro were "crippled" at random, but always both simultaneously. P4P+ - for a change - was constantly struggling with chaotic NFZ data at this time ...

I believe this was the result of somehow panic DJI response to FW hacking attempts, a thing of the past remaining as a mystery. Still, it was possible somehow. Again then, what must I do to cut this umbilical cord, temporarily at least for the period of my wilderness adventures with DJI drones?

The only thing I can think of is the need to check your login with DJI each time you fly. My P3 is on very old firmware that never did this anyway. Stupid strategy on the part of DJI.
2018-2-9
RedHotPoker
Captain
Flight distance : 165105 ft
Canada

Thankfully RC helicopters don't have firmware that is infallible.

Who would take over a Parrot AR-Drone 2.0? Haha


RedHotPoker
2018-2-9
CraigR
lvl.3
Australia

If you want more information, try using the below text to google for info

hijacking or jamming a drone in flight
security researchers have made public vulnerabilities for these flying machines
compilation of vulnerable drone and vulnerability testing/exploit methodologies
reference of vulnerable drones
how drone vulnerability is currently exploited
2018-2-9
Labroides
Core User of DJI
Flight distance : 9991457 ft
Australia

CraigR Posted at 2018-2-9 20:47
The list of drones that are currently susceptible to "skyjacking" (either through hijacking of the control signal/wifi or through GPS spoofing) are:

* Phantom (all)

Many, if not all, drones can be hijacked quite easily

Only by a well equipped and dedicated hacker who knows you are going flying and just happens to be close by at the time you choose to go flying.
How often is that likely to happen?
On a list of things to be concerned about when flying, it doesn't rate.
2018-2-9
CraigR
lvl.3
Australia

Labroides Posted at 2018-2-9 21:03
Many, if not all, drones can be hijacked quite easily
Only by a well equipped and dedicated hacker who knows you are going flying and just happens to be close by at the time you choose to go flying.
How often is that likely to happen?

The OP didn't ask if it was practical or likely to happen though...

Edit: I guess they did sort of. But to answer their question directly the answer is "not very secure at all"
2018-2-9
Matthew Dobrski
First Officer
Flight distance : 1831050 ft
Canada

Geebax Posted at 2018-2-9 20:47
The only thing I can think of is the need to check your login with DJI each time you fly. My P3 is on very old firmware that never did this anyway. Stupid strategy on the part of DJI.

And this is impossible, Brother Geebax! Remember, I'm in the middle of nowhere. No WiFi, no cell, no Internet, no civilization other than satellites above ...
2018-2-9
CraigR
lvl.3
Australia

Matthew Dobrski Posted at 2018-2-9 21:19
And this is impossible, Brother Geebax! Remember, I'm in the middle of nowhere. No WiFi, no cell, no Internet, no civilization other than satellites above ...

The P3 remote is a WIFI hotspot... that's your WIFI
2018-2-9
Labroides
Core User of DJI
Flight distance : 9991457 ft
Australia

Matthew Dobrski Posted at 2018-2-9 21:19
And this is impossible, Brother Geebax! Remember, I'm in the middle of nowhere. No WiFi, no cell, no Internet, no civilization other than satellites above ...

You can simulate remote-no wifi conditions at home by switching your tablet to airplane mode and test like that.
2018-2-9
Labroides
Core User of DJI
Flight distance : 9991457 ft
Australia

CraigR Posted at 2018-2-9 21:21
The P3 remote is a WIFI hotspot... that's your WIFI

Not in the wilderness - that's what he's been asking about.
2018-2-9
Labroides
Core User of DJI
Flight distance : 9991457 ft
Australia

CraigR Posted at 2018-2-9 21:16
The OP didn't ask if it was practical or likely to happen though...

Edit: I guess they did sort of. But to answer their question directly the answer is "not very secure at all"

Since he's never going to encounter the mythical hacker that could easily hijack his Phantom, the answer is: It's never going to happen.
2018-2-9
CraigR
lvl.3
Australia

Labroides Posted at 2018-2-9 21:29
Not in the wilderness - that's what he's been asking about.

The remote itself is a WIFI hotspot.

"The controller serves as the main source of communication to the drone. It creates a mobile WiFi hotspot operating at 2.400GHz-2.483GHz that the mobile device connects to. The mobile device sends instructions and settings to the controller, and the controller relays these instructions to the drone via a 5.725GHz - 5.825GHz radio signal"
Citation: Trujano, F., Chan, B., Beams, G. and Rivera, R. Security Analysis of DJI Phantom 3 Standard. 2016 - MIT - Boston
2018-2-9
RedHotPoker
Captain
Flight distance : 165105 ft
Canada

Matthew Dobrski Posted at 2018-2-9 21:19
And this is impossible, Brother Geebax! Remember, I'm in the middle of nowhere. No WiFi, no cell, no Internet, no civilization other than satellites above ...

Oh, Matthew, have you left our presence in the capital city? Haha

Oh yeah, wilderness, Alberta. Yes. Boonies... Chuckles

Has Shaw cut off your wifi modem? ;-)



RedHotPoker

2018-2-9
Matthew Dobrski
First Officer
Flight distance : 1831050 ft
Canada

CraigR Posted at 2018-2-9 21:33
The remote itself is a WIFI hotspot.

"The controller serves as the main source of communication to the drone. It

This is logical, the entire system is self-sufficient, therefore no external "intervention" (other than GPS-coordinated restrictions of NFZ) should be necessary to perform flying in remote areas far from civilization. Yet, somehow both P3P and Inspire 1 Pro were disconnected at particular places, randomly and with no pattern whatsoever. It seemed almost like an imaginary mainframe computer lost communication with some members of the swarm and neglected drones were left in confusion. It was the most bizarre behavior I've ever encountered in my 3-year-long adventure with DJI drones, never actually explained. Oh, well ...
2018-2-9
Hazy Jay
lvl.2
United Kingdom

RedHotPoker Posted at 2018-2-9 20:50
Thankfully RC helicopters don't have firmware that is infallible.

Who would take over a Parrot AR-Drone 2.0? Haha

In one type of Skyjack attack a Parrot AR is used as the 'mother' craft, sending out the hijack.

I've not posted links to demonstrations for obvious reasons but if you google 'skyjack drone' you'll find more than one way of doing it
2018-2-10
Hazy Jay
lvl.2
United Kingdom

Labroides Posted at 2018-2-9 21:31
Since he's never going to encounter the mythical hacker that could easily hijack his Phantom, the answer is: It's never going to happen.

Likelihood was only a small part of the overall question.
2018-2-10
Labroides
Core User of DJI
Flight distance : 9991457 ft
Australia

CraigR Posted at 2018-2-9 21:33
The remote itself is a WIFI hotspot.

"The controller serves as the main source of communication to the drone. It

It doesn't matter if the remote is a wifi hotspot or if he enables hotspotting on his phone.
Out in the wilderness, he's not going to be able to connect with the rest of the world.
2018-2-10
CraigR
lvl.3
Australia

Labroides Posted at 2018-2-10 03:35
It doesn't matter if the remote is a wifi hotspot or if he enables hotspotting on his phone.
Out in the wilderness, he's not going to be able to connect with the rest of the world.

But a "hacker" can connect to that WiFi hotspot (the remote) and it's very easy to do. They don't need the internet or the outside world to connect to the remote controller and the aircraft. I guess the most applicable term is an intranet. So, if he and a hacker are in the same area of wilderness then the hacker simply connects to the WiFi hotspot created by the remote controller

Edit: For those who want to know one big thing they can do to secure their P3 remote, the same paper I cited earlier recommends changing the WiFi password (this is the WiFi network created by the P3's remote). This mitigates trivially connecting to your remote by using the factory default password. Their recommendation is quoted below (there are two other recommendations in the paper but nothing that we as end users can do).

"Many of the attacks described in here are made possible because of an unsecured WiFi network. While all drones are secured by WPA-PSK2 WiFi, they all share the same default password of [...]. DJI allows users to change the WiFi password, but this setting is hidden in the app. As such, our main suggestion is to force people to change their WiFi password on first use. This will ensure that drone’s network is protected from automatic tools that scan for SSIDs"
2018-2-10
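Added example, not part of any post in this thread: on a Wi-Fi-linked controller such as the one described in the quoted paper, the forced disconnect mentioned at the start of the thread appears on the air as a burst of 802.11 deauthentication or disassociation frames, which a monitoring receiver can flag. The sketch assumes frames arrive as (timestamp, raw 802.11 bytes) with any radiotap header already stripped; the MAC addresses, window and threshold are constructed values.

```python
import struct
from collections import defaultdict

# First frame-control byte of the two 802.11 management frames that end a
# client's session: subtype 12 (deauthentication) and 10 (disassociation).
DISCONNECT_SUBTYPES = {0xC0: "deauth", 0xA0: "disassoc"}


def parse_disconnect_frame(frame: bytes):
    """Return (kind, dst, src, bssid, reason), or None for any other frame."""
    if len(frame) < 26:  # 24-byte management header + 2-byte reason code
        return None
    kind = DISCONNECT_SUBTYPES.get(frame[0])
    if kind is None:
        return None
    dst, src, bssid = (frame[o:o + 6].hex(":") for o in (4, 10, 16))
    (reason,) = struct.unpack_from("<H", frame, 24)
    return kind, dst, src, bssid, reason


def find_disconnect_bursts(capture, window=1.0, threshold=5):
    """capture: time-sorted iterable of (seconds, frame_bytes).

    Returns {bssid: (burst_start, peak_count)} for every BSSID that saw at
    least `threshold` disconnect frames inside a sliding `window` of seconds.
    A single deauth is normal roaming behaviour; a burst is not.
    """
    recent = defaultdict(list)
    alerts = {}
    for ts, frame in capture:
        parsed = parse_disconnect_frame(frame)
        if parsed is None:
            continue
        times = recent[parsed[3]]
        times.append(ts)
        while ts - times[0] > window:  # drop frames older than the window
            times.pop(0)
        if len(times) >= threshold:
            start, peak = alerts.get(parsed[3], (times[0], 0))
            alerts[parsed[3]] = (start, max(peak, len(times)))
    return alerts


# ---- Constructed sample data (not a real capture) ----
def _mac(text):
    return bytes.fromhex(text.replace(":", ""))


def build_frame(fc0, dst, src, bssid, reason=7):
    """Build a minimal 26-byte management frame for the sample capture."""
    return (bytes([fc0, 0]) + b"\x00\x00" + _mac(dst) + _mac(src)
            + _mac(bssid) + b"\x00\x00" + struct.pack("<H", reason))


CONTROLLER = "02:00:00:00:00:01"  # hypothetical controller hotspot BSSID
TABLET = "02:00:00:00:00:02"      # hypothetical pilot tablet
OTHER_AP = "02:00:00:00:00:aa"    # unrelated network nearby
OTHER_STA = "02:00:00:00:00:ab"

SAMPLE_CAPTURE = (
    [(0.5, build_frame(0x80, "ff:ff:ff:ff:ff:ff", CONTROLLER, CONTROLLER)),  # not a disconnect
     (2.0, build_frame(0xC0, OTHER_STA, OTHER_AP, OTHER_AP, reason=3)),      # lone deauth
     (3.0, b"\xc0\x00")]                                                     # truncated frame
    + [(10.0 + i * 0.05, build_frame(0xC0, TABLET, CONTROLLER, CONTROLLER))
       for i in range(8)]                                                    # burst
)

if __name__ == "__main__":
    for bssid, (start, peak) in find_disconnect_bursts(SAMPLE_CAPTURE).items():
        print(f"disconnect burst on {bssid}: {peak} frames starting at t={start}s")
```
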
Labroides
Core User of DJI
Flight distance : 9991457 ft
Australia

CraigR Posted at 2018-2-10 04:18
But a "hacker" can connect to that WiFi hotspot (the remote) and it's very easy to do. They don't need the internet or the outside world to connect to the remote controller and the aircraft. I guess the most applicable term is an intranet. So, if he and a hacker are in the same area of wilderness then the hacker simply connects to the WiFi hotspot created by the remote controller

Edit: For those who want to know one big thing they can do to secure their P3 remote, the same paper I cited earlier recommends changing the WiFi password (this is the WiFi network created by the P3's remote). This mitigates trivially connecting to your remote by using the factory default password. Their recommendation is quoted below (there are two other recommendations in the paper but nothing that we as end users can do).

Fascinating
But I was responding to posts #9 & #11 which were not at all related to the hypothetical hijacking of Phantoms.
Still if Sasquatch is out there and tooled up to hack Phantoms, perhaps .......
2018-2-10
RedHotPoker
Captain
Flight distance : 165105 ft
Canada

Hazy Jay Posted at 2018-2-10 03:23
In one type of Skyjack attack a Parrot AR is used as the 'mother' craft, sending out the hijack.

I've not posted links to demonstrations for obvious reasons but if you google 'skyjack drone' you'll find more than one way of doing it

You can have my Parrot AR-Drone 2.0 if you want to experiment. ;-)


Make a video, and post it for us to admire.... Ha


RedHotPoker

2018-2-10
Hazy Jay
lvl.2
United Kingdom

RedHotPoker Posted at 2018-2-10 12:06
You can have my Parrot AR-Drone 2.0 if you want to experiment. ;-)

I'll take you up on that as it goes. I can try this against my own p4p and play about and film each session
2018-2-10
Aardvark
First Officer
Flight distance : 384432 ft
United Kingdom

CraigR Posted at 2018-2-10 04:18
But a "hacker" can connect to that WiFi hotspot (the remote) and it's very easy to do. They don't need the internet or the outside world to connect to the remote controller and the aircraft. I guess the most applicable term is an intranet. So, if he and a hacker are in the same area of wilderness then the hacker simply connects to the WiFi hotspot created by the remote controller

Edit: For those who want to know one big thing they can do to secure their P3 remote, the same paper I cited earlier recommends changing the WiFi password (this is the WiFi network created by the P3's remote). This mitigates trivially connecting to your remote by using the factory default password. Their recommendation is quoted below (there are two other recommendations in the paper but nothing that we as end users can do).

You keep referring to the P3 remote hotspot, is that the P3 Standard which does operate to standard wifi protocols? In which case it may be easy to hack as you say. Yes you could change that password (I believe).
But the rest of the P3 series and P4s use a protocol called 'lightbridge', as such it wouldn't be susceptible to the usual 'wifi' snooping tools etc.
2018-2-10
RedHotPoker
Captain
Flight distance : 165105 ft
Canada

Hazy Jay Posted at 2018-2-10 12:37
I'll take you up on that as it goes. I can try this against my own p4p and play about and film each session

I'm keen to know how one would fly both at once, with the iPad running the Go app?

How would the AR-Drone be flown, from the device screen?


RedHotPoker
2018-2-10
Hazy Jay
lvl.2
United Kingdom

RedHotPoker Posted at 2018-2-10 13:21
I'm keen to know how one would fly both at once, with the iPad running the Go app?

How would the AR-Drone be flown, from the device screen?

Ha ha

Either myself or my cybersecurity friend will fly the P4P, and vice versa the hijacking drone. This topic has opened up a large amount of discussion between us and some others in CS given that even secure wifi AP's are vulnerable to a certain type of wifi attack.
2018-2-10
Hazy Jay
lvl.2
United Kingdom

I can't openly disclose the details of how any hack would work for obvious reasons. My interest is sufficiently piqued though, just from a 'can it really be done that easily' point of view
2018-2-10
Geebax
Captain
Australia

CraigR Posted at 2018-2-10 04:18
But a "hacker" can connect to that WiFi hotspot (the remote) and it's very easy to do. They don't need the internet or the outside world to connect to the remote controller and the aircraft. I guess the most applicable term is an intranet. So, if he and a hacker are in the same area of wilderness then the hacker simply connects to the WiFi hotspot created by the remote controller

Edit: For those who want to know one big thing they can do to secure their P3 remote, the same paper I cited earlier recommends changing the WiFi password (this is the WiFi network created by the P3's remote). This mitigates trivially connecting to your remote by using the factory default password. Their recommendation is quoted below (there are two other recommendations in the paper but nothing that we as end users can do).

'But a "hacker" can connect to that WiFi hotspot (the remote) and it's very easy to do. They don't need the internet or the outside world to connect to the remote controller and the aircraft. I guess the most applicable term is an intranet. So, if he and a hacker are in the same area of wilderness then the hacker simply connects to the WiFi hotspot created by the remote controller'

Only the controller for the older P3 models, not even the P3P or P3A, use WiFi.
The OP specifically asked about the P4 in his opening post. The P4 does not use WiFi of any sort. Refer to my post #8.


2018-2-10
RedHotPoker
Captain
Flight distance : 165105 ft
Canada

Hazy Jay Posted at 2018-2-10 13:37
Ha ha

Either myself or my cybersecurity friend will fly the P4P, and vice versa the hijacking drone. This topic has opened up a large amount of discussion between us and some others in CS given that even secure wifi AP's are vulnerable to a certain type of wifi attack.

Cyber-security eh? Haha

They must be a friend, to offer up their time and piloting skill for a pointless maneuver.


It would be interesting to fly a Phantom 3 Standard, near an AR-Drone 2.0 both using their own generated wifi network.

Any other pairing options would be fruitless.


RedHotPoker
2018-2-10
RedHotPoker
Captain
Flight distance : 165105 ft
Canada

Here are a few novel ways to bring a drone down.;-)

https://www.wired.com/video/the-best-anti-drone-weapons-from-shotguns-to-superdrones



RedHotPoker
2018-2-10
fansb1fe1104
Second Officer
Flight distance : 3372566 ft
United States

Aardvark Posted at 2018-2-10 13:18
You keep referring to the P3 remote hotspot, is that the P3 Standard which does operate to standard wifi protocols? In which case it may be easy to hack as you say. Yes you could change that password (I believe).
But the rest of the P3 series and P4s use a protocol called 'lightbridge', as such it wouldn't be susceptible to the usual 'wifi' snooping tools etc.

It seems that now that they have done away with the P3P and P3A, DJI has now upgraded the P3 Standard to Lightbridge. At least that's what it seems, DJI store says "This Phantom’s newly enhanced Wi-Fi video transmission system allows you to fly farther while maintaining a crystal clear live camera view. The Phantom 3 SE offers reliable control and image transmission from up to 4 km away, so all you have to focus on is getting the best shots possible.*"

Although it says newly advanced wifi, I'm not aware of any wifi that has a 4km range, so I assume it's Lightbridge. Perhaps though DJI has customized wifi somehow to get it to transmit that far?
2018-2-10