DSMX hacked?
#1
Thread Starter
DSMX hacked?
I can't imagine that the other protocols can't be far behind. More than a little concerning that Horizon Hobby would not comment. I'm reminded of what a wise public affairs officer once told me: "Bad news is like dead fish, it doesn't smell better with time."
http://www.pcworld.com/article/31361...-hijacked.html
#2
Banned
My Feedback: (8)
#4
Thread Starter
How hard would it be to say this? "We are aware of the reports and we are investigating. We take this matter seriously. Pending the results of the investigation, we will comment and take action if warranted."
#6
Banned
My Feedback: (8)
What prompted the ad hominem attack on the military? For the vast majority of my career we were taught, within the limits of security and privacy, to be open and honest, but stick to the facts.
#7
Thread Starter
Oh please, who attacked the military, that is a desperate diversionary ploy there. It's interesting to hear and see what you were taught when you were active duty, back in the day. That was then, and this is now. That was military, this is civilian. If you don't see what the difference is there, and how the two entities would respond, there's nothing I can say that would make a difference. Given your proposed response I can safely say you've never issued a press/media release, or at least not one that's ever dealt with civil litigation. Hint: less is more. There are far fewer concerns about a "no comment" than there are those that will attack and parse those three sentences. And don't misunderstand, I'd like to see more and be comforted by that kind of language as an end user or consumer, but that's just not what really happens anymore.
Why do you think there are firms out there whose business it is to do crisis communications? No comment may work for politicians, but it doesn't work for safety issues. Just ask Tanaka. Just ask VW.
#9
There isn't a protocol out there that can't be hacked. HH not commenting immediately is nothing surprising or shocking in any way. Perhaps what worked for the military public relations machine back in the past doesn't quite fit modern day communication standards. Chances are they will actually research the issue and give a well thought out response rather than just issue an immediate comment. A lot goes into media releases, even more so when it can/might have an effect on the bottom line.
#10
Banned
My Feedback: (8)
As far as sending a high level signal that overshadows the legitimate signal, otherwise known as jamming, yes all protocols can be jammed. But as for hacking, a properly designed system should be extremely difficult
and only by using equipment not readily available to the average person.
#12
heard of any.
#13
My Feedback: (5)
If you watch the video you can see what appears to be a hard reset occurring on the receiver and not a handshake takeover. This looks more like a "crashing" device.
I suppose if the model was high enough control could be established after a reset but rather doubtful.
I don't think one can dismiss this along the lines of "well everything out there can be hacked" and even though a device like this would never get current FCC approval that still wouldn't stop someone from building/buying/using one.
Probably Spektrum can add some encryption to prevent this from working but it may not be as simple as a firmware upgrade considering a lot of receivers can't be upgraded.
https://www.youtube.com/watch?v=abl6oOxLRXs&feature=youtu.be
#14
Banned
My Feedback: (8)
I posted a link to a story about a passenger hacking into the flight systems of an actual plane while in flight....and not a peep out of that story. But oh god, think of the downside to our toys being hacked. lol.
#15
Senior Member
Join Date: Mar 2002
Location: Kingston, ON, CANADA
Posts: 4,925
Likes: 0
Received 3 Likes on 3 Posts
I can see one of these being used on one of these new full sized remote controlled cars and tractor trailers. Crank that tractor trailer up to full throttle on a highway, with no one controlling it.
Why can't these guys design a system that will make our radios IMMUNE to interference?
Either that or dump this stuff in the dumpster and go flying instead.
#16
Banned
My Feedback: (8)
http://www.cnbc.com/2016/10/25/drive...ing-truck.html
#19
RCU Forum Manager/Admin
My Feedback: (9)
I normally try to stay out of discussions like this. But this one is indeed intriguing, and in some aspects just outright scary. While I don't fly a radio using DSMx I have attended and covered plenty of events where I have seen many large models and jets that use JR and Spektrum equipment. It's really scary to think that somebody could at the most take control of the plane and steal it away from the pilot, and at the least just block the signal and bring the model down..... quite possibly where it could endanger spectators viewing the event.
Even worse was this article that I just found while researching more on this subject. Here's the title (and a link to the article):
How to take down irritating drones without shooting them out of the sky
I'm not going to enter into a petty back and forth argument that can sometimes occur when we get into subject matters such as this. That is not the purpose of my post here. I posted here simply to point out that there are people posting in respected places (ZDNet has been around for a long time and is on my list of IT sources that I use to keep myself updated for my daily job, and I've been using it for at least the last 10-12 years) to use this newfound exploit for nefarious purposes such as bringing down a drone that's bothering you in your neighborhood. And you can even push that further that it could be used to do something bad, say it could damage another aircraft such as a commercial airliner, and the owner of the drone would be held responsible because it's his name on it. I think it would be really hard to prove that somebody hijacked him.
Now there is one good thing that does come from this. It does allow for a geo-fencing of an area, to at least keep out DSMx radios. If you had a no fly zone you could use the technology to take over and land any DSMx controlled aircraft. Here's an article from Business Insider that does talk about how this could be beneficial to law enforcement and other agencies to control overflight of drones.
There's now a way to hijack nearly any drone mid-flight using a tiny gadget
Anyway, I just wanted you guys to see this article. And I've said my piece. I'm going to gracefully bow out and let the discussion continue.
Ken
Last edited by RCKen; 10-29-2016 at 09:44 AM.
#20
Banned
My Feedback: (8)
Good stuff, thanks for the links. Technology can be a double edged sword, that's for sure. Here is a comment from someone who actually did the "hack". Looks like all protocols are susceptible.
http://arstechnica.com/security/2016...&post=32136399
"To be clear, ALL the current RC systems are vulnerable to this timing injection attack. I was the one who picked DSMx as our first target because it's the most popular system, my favourite and the one I currently use for all my drones, planes, copters, boats and cars. The attack hardware was a teensy and a cyrf6936 transceiver from my friend at 1bitsquared.com, but we could have just as easily implemented it using the same teensy and a ML2724 to attack DJI and Futaba systems. The issue is that all the RC systems from ALL the manufacturers count on frequency hopping obfuscation to "hide" their broadcasts which are easily gathered en masse and reversed with an SDR, or by using a logic analyzer on their transmitters, there is no cryptographically secure authentication layer on any of the current systems. This timing attack is not difficult, just requires some low level radio and embedded system knowledge and about $100 in parts, and is only the tip of the iceberg in the potential attacks available on current systems. Timing is the low hanging fruit that we picked to attack and demonstrate first. We have further demonstrations planned and would be glad to talk to any manufacturer about securing their gear. Jonathan will be using drone hijacking as a lab exercise in his CanSecWest SDR Dojo training course next March, and I highly recommend this course for anyone interested in this area. There are many places this kind of system could be used to detect drones flying in restricted areas (because the attack system can also be used as a drone detection system passively) and to take them over and make them perform controlled landings in safe areas, rather than all the crude systems proposed so far, and we have even more interesting systems, demonstrations and applications planned for future presentations, with the next one likely being at the CanSecWest conference after Jonathan's training.
An interesting side note is that you can actually use a second attack system to hijack the first hijacker, so this gets complicated very quickly"
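The quoted comment says current systems have "no cryptographically secure authentication layer". As an added example (not part of the thread and not any manufacturer's protocol), this sketch shows what such a layer checks on the receiver: a keyed MAC over each control frame plus a forward-only frame counter. The frame layout, tag length, key handling and all names are assumptions for illustration.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 8                 # assumed: truncated HMAC-SHA256 tag that fits a small radio frame
N_CHANNELS = 7              # assumed: number of 16-bit channel values per frame
FMT = f">I{N_CHANNELS}H"    # assumed layout: 32-bit frame counter, then channel values


def build_frame(key, counter, channels):
    """Transmitter side: payload followed by a MAC computed over the whole payload."""
    payload = struct.pack(FMT, counter, *channels)
    tag = hmac.new(key, payload, hashlib.sha256).digest()[:TAG_LEN]
    return payload + tag


class Receiver:
    """Acts on a frame only if the MAC verifies and the counter moves forward."""

    def __init__(self, key):
        self.key = key
        self.last_counter = -1

    def accept(self, frame):
        if len(frame) != struct.calcsize(FMT) + TAG_LEN:
            return None                       # malformed length
        payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, payload, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                       # forged or corrupted frame
        counter, *channels = struct.unpack(FMT, payload)
        if counter <= self.last_counter:
            return None                       # replayed or stale frame
        self.last_counter = counter
        return channels


def demo():
    key = os.urandom(16)                      # stands in for a key agreed when binding
    rx = Receiver(key)
    neutral = [1024] * N_CHANNELS             # constructed sample stick positions
    good = build_frame(key, 1, neutral)
    # A sender that knows the frame format and timing but not the bind key.
    forged = build_frame(os.urandom(16), 2, [2047] * N_CHANNELS)
    return {
        "genuine": rx.accept(good),
        "forged": rx.accept(forged),
        "replayed": rx.accept(good),
        "next": rx.accept(build_frame(key, 2, neutral)),
    }


if __name__ == "__main__":
    print(demo())
```

A check like this keeps injected or replayed frames from being acted on; it does nothing against jamming, which the thread treats as a separate problem.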