Loudmouth DJI Drones Tell Everyone Where You Are
When commercial quadcopters started appearing regularly in the news, public safety was a topic of conversation. How do we keep them out of airports, for example? Well, the big drone companies didn’t want the negative PR, so some voluntarily added geofencing and tracking mechanisms to their own drones.
As far as DJI is concerned, one such mechanism is DroneID: a beacon on the drone itself sending a set of data, including the GPS location of its operator. DJI also, of course, sells the Aeroscope device, which receives and decodes DroneID data and is declared to be for government use. As is often the case with privacy-compromising technologies, it turns out it was more of a compromise than we expected.
Questions began to arise last year when off-the-shelf quadcopters (including those made by DJI) began playing a role in the Russian-Ukrainian war. It didn’t take long for Ukrainian forces to notice that the launch of a DJI drone led to swift attacks on its operators, and word is that Russia had received some Aeroscopes from Syria. DJI’s response was that their products were not intended to be used in this way, and shortly thereafter it cut sales in both Russia and Ukraine.
But security researchers recently discovered that the situation is actually worse than we expected. Back in 2022, DJI claimed that DroneID data was encrypted, but [Kevin Finisterre]’s research proved this to be a lie, and the company finally admitted it after The Verge pushed them on the point. It wouldn’t even be hard to implement worse-than-nothing encryption that would hold up mathematically. However, DroneID doesn’t even seem to try: there is a GitHub repository with a DroneID decoder that you can use if you have an SDR dongle.
Unfortunately, the days of companies like DJI standing against anti-copter talking points seem to be over. Now they provide an example of how devices can unreservedly undermine the privacy of their owners. It seems it’s up to the frontline hackers to learn how to take down DroneID, just like we did with the non-nuanced limitations of RF power, or the DJI battery DRM, or transplanting firmware between hardware-identical DJI flight controller models.
Now to put “DroneID is encrypted” to bed. Before – WEP key for c2 connection. Next – WEP key for c2 connection… see what else is there? The unencrypted DroneID packet. Thanks for the game @DJIFlySafe @djienterprise @djiglobal @djisupport @adamlisberg! pic.twitter.com/SizPM7sfZ3
— KF (@d0tslash) March 31, 2022