This post is also available in: heעברית (Hebrew)

We’ve have written at length on these pages about the dismal state of security in most consumer-grade tech products. For many manufacturers, it seems, security is no more than an afterthought. Turns out, even products headed into the hands of law enforcement can be easily hacked, as warned security researcher Nils Rodday.

Rodday, a researcher at the employ of IBM, recently demonstrated how even a high-tech, expensive police drone can be hijacked. A skilfull attacker could take control of an unmanned aerial vehicle (UAV) from over 1.5km away using only a laptop and a USB radio chip.

The attack, which Rodday discovered as a graduate student at the University of Twente in the Netherlands, is quite straightforward. Attackers, Rodday says, can exploit either the WiFi connection between the UAV’s “telemetry box” and the operator’s controller, or the radio protocol between the modules and the UAV itself. Both connections are weak and very susceptible to hacking.

Such a hack could give an attacker complete control over the drone. An attacker could do anything, from patching into the video stream from the UAV, to taking control of its flight and crashing it into people or buildings.

This slide shows that a hacker would only need to spend some $40 on equipment to perpetrate the attack.

Rodday’s research focused on a specific $21,000 surveillance drone used by the Dutch police, but he believes that the same flaws are present in a lot, if not most, of expensive and advanced drones. Authorities, he warns, must take precautions against this type of attack.