Hackers are Illegally Unlocking Drones’ Potential Thanks to a Forgotten Development Code

With the popularity of drones in the UK, there also came the infestation with drone hackers. These cyber criminals are working hard on discovering and exploiting every security flaw that they can find, which even seems to include flight elevation limits.

Despite the best efforts from companies like DJI that are trying to patch up the flaws, hackers are still finding them. The biggest potential for drone hacking came from a simple mistake that DJI made.

They accidentally made a mistake of leaving a development debug code in their application called Assistant 2. Those who discovered it soon found out that commenting out one line of the file can make huge changes. Simply changing the debug flag to true from false has exposed drone’s full parameters, while all of the safeguards went off.

The drone enthusiast community from the UK, UAVHive, has commented on this and mocked the DJI for making a mistake. The same jailbreak was also found in other DJI products, including Inspire 2, as well as Phantom.

Despite multiple warnings about such errors, DJI failed to act. Having such security risks undealt with practically leaves a backdoor wide open for hackers, and lets them meddle with this tech.

Many of the underground groups have recently started working together in order to remove factory made restrictions from the drones. Even on Facebook, drone enthusiasts groups have hackers that can remove the limitations. It is even worse on Slack, which is where the main ‘conspiracy’ is taking place.

All kinds of different tests are being conducted by drone enthusiasts and hackers once the safety gets off. This includes entering no-fly zones, but also height competitions. Basically, they are trying to see who can make their drone go higher. Several codes are currently in development that will remove these restrictions completely.

So far, users managed to even increase radio range, which officially broke EU laws. For example, the legal limit is for a drone to fly away some 500 meters from the person controlling it. With the restrictions off, hackers are sending them flying for miles.

Height limits have been removed completely, and there are even videos on YouTube which explain how to do it. After the limits are removed, owners have been known for sending the drones much higher than the 120m, which is the limit.

Many have criticized leaving a debug code in the production apps. It is even harder to understand how did this happen, considering that DJI was even informed that this is an issue. They could have easily pushed a new version where the code was removed before anyone even discovered it.

DJI has reported that they did issue a patch according to firmware modifications reports. One version called Assistant 2 v1.1.2 was released on June 16, but it is still unknown if the version was fixed, or if it did not have this problem.

At any rate, modifications of the firmware are not recommended, because the safety is there for a reason, and so are the no-fly zone specifications. If the conditions are wrong, an unstable flight can make drones extremely unsafe. Anyone who modifies their drone will be considered a criminal.

Even though you can get an authorisation to fly your drone in no-fly zones, not everyone gets it. Because of this, drone enthusiasts have taken the matters into their own hands, and have removed the limitations themselves.

Drone security experts have criticized the DJI, and it seems like the company not only gave away the debug code, but also failed to fix bugs that were reported earlier.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.