There’s a reason consumer drones have evolved from an expensive toy into a tool of war: They can perform high-altitude surveillance, carry out reconnaissance, or even deploy weapons, with their operator safely hidden as far as miles away. But hackers are revealing that for quadcopters sold by the world’s biggest drone manufacturer, operators aren’t nearly as hidden as they might think. In fact, these small flying machines are continually broadcasting their pilots’ exact locations from the sky, and anyone with some cheap radio hardware and a newly released software tool can eavesdrop on those broadcasts and decode them to extract their coordinates.
At the Network and Distributed System Security Symposium (NDSS) in San Diego this week, researchers from Ruhr University Bochum and the CISPA Helmholtz Center for Information Security demonstrated that they were able to reverse engineer the radio signals of drones sold by DJI, the leading manufacturer of consumer quadcopter drones, to decode a radio protocol they use called DroneID. By deconstructing this signal, the researchers could see that every DJI drone’s DroneID communications transmit not only its own GPS location and a unique identifier for that drone, but also the GPS coordinates of its operator.
That DroneID system was designed to allow governments, regulators, and law enforcement to monitor drones and prevent their abuse. But hackers and security researchers have warned for the past year that DroneID is unencrypted and open to anyone who can receive its radio signals. The German researchers, as well as another researcher working separately at the University of Tulsa, have now shown just how completely that signal can be decoded and read, allowing any hacker who can eavesdrop on DroneID to pinpoint a drone’s hidden operator, even if that drone pilot is miles away.
To publicly prove their findings, the German group has released a prototype tool to receive and decode DroneID data here.
The researchers’ discovery—and their public tool—provide new evidence of the serious privacy and operational security concerns DroneID presents for operators, especially considering that DJI drones are now often used in war zones, where revealing a drone operator’s location can draw enemy fire. And while DJI has an enormous majority share of the consumer drone market, the problem will only grow when new US Federal Aviation Administration regulations go into effect in September, mandating that all consumer drones implement systems similar to DroneID.
“This is a big problem, right?” says Moritz Schloegel, one of the Ruhr University graduate researchers presenting the DroneID findings at NDSS. “You might think your drone transmits its position. But suddenly, it’s transmitting your position as well. Whether you’re privacy-minded or you’re in a conflict zone, nasty stuff can happen.”