When a government intelligence staffer managed to crash his DJI Phantom drone on White House property, the Chinese manufacturer took the decision to issue a no-fly zone over the DC area. DJI already used GPS to implement invisible demarcations stopping users flying their machines into no-fly zones like airports, forcing them to land when they hit certain coordinates.
Unfortunately, as noted in a FORBES report on smartphone issues yesterday, there’s a vulnerability in GPS affecting most commercial drones that would allow a nearby hacker to spoof signals, change coordinates and commandeer an Unmanned Aerial Vehicle (UAV) and take it wherever they wanted, whether that’s the White House or Dulles airport. That’s according to researchers from China’s Qihoo, who demonstrated their attacks using the free and open source GNU Radio, amongst other tools, to alter the GPS coordinates on a DJI Phantom 3. Thanks to free or cheap software defined radio tools, and the old, broken GPS standard, it’s now inexpensive and relatively straightforward to carry out attacks on GPS, Lin Huang and Qing Yang warned.
Any hackers wanting to land a DJI or other drone on Obama’s lawn, or into other no-fly zones, can send spoof signals that would make it seem the UAV was in a safe zone, said Qing Yang, a member of Qihoo’s Unicorn Team TISI +%, a specialist research arm at the company that famously hacked a Tesla last year for a $10,000 prize. Being close enough to the drone to hack it would be a problem for attackers, though the Qihoo researchers set a radius of 100 metres in their tests.
Alternatively, it’s possible to take drones out of the sky by making them believe they’re in a no-fly area. In the video below, filmed from a camera on the UAV itself, the benevolent hackers do just that, forcing it to crash land
http://www.forbes.com/sites/thomasbrewster/2015/08/08/qihoo-hacks-drone-gps/