This Hacker Tool Can Pinpoint a DJI Drone Operator’s Exact Location

This DroneID system is designed to allow governments, regulators and law enforcement agencies to monitor drones and prevent their misuse. But hackers and security researchers have warned over the past year that DroneID is unencrypted and open to anyone who can pick up its radio signals. The German researchers, as well as another researcher working separately at the University of Tulsa, have now shown how completely this signal can be decoded and read, allowing any hacker who can eavesdrop on DroneID to determine the drone’s hidden operator, even if that drone the pilot is miles away.

To publicly prove theirs findingsthe German group released a prototype tool for receiving and decoding DroneID data here.

the researchers discovery— and their public tool — provide new evidence of the serious privacy and operational security concerns that DroneID presents for operators, especially given that DJI drones are now often used in war zones, where revealing the location of a drone operator can attract enemy fire. And while DJI has a huge majority share of the consumer drone market, the problem will only grow when new US Federal Aviation Administration regulations take effect in September, requiring all consumer drones to implement systems similar to DroneID.

“It’s a big problem, isn’t it?” says Moritz Schloegel, one of the graduate researchers at Ruhr University who is presenting DroneID’s findings at the NDSS. “You might think your drone is giving away its position. But suddenly it gives up Yours position too. Whether you value your privacy or are in a conflict zone, unpleasant things can happen.

DJI’s DroneID became the subject of controversy last spring when the Ukrainian government criticized the company because Russian military forces used DJI drones to guide their missiles and used the radio signals emitted by Ukraine’s own DJI drones to locate Ukrainian military personnel. China-based DJI has been around for a long time sold a suitcase-sized device called an aeroscope to government regulators and law enforcement, allowing them to receive and decode DroneID data, pinpointing the location of each drone and its operator from up to 30 miles away.

DJI’s DroneID and Aeroscope devices are touted for civilian security purposes, such as preventing disruptions to airport runways, protecting public events and detecting attempts to smuggle cargo into prisons. But the Deputy Minister of Defense of Ukraine writes in a a letter to DJI that Russia has reconfigured Aeroscope devices from Syria to track Ukrainian drones and their operators, with potentially deadly consequences.

Comments are closed.