P0wning for the fjords: Malware turns drones into DEAD PARROT

Hacker Rahul Sasi has found and exploited a backdoor in Parrot AR Drones that allows the flying machines to be remotely hijacked.

The Citrix engineer developed what he said was the first malware dubbed Maldrone which exploited a new backdoor in the drones.

Sasi (@fb1h2s) said the backdoor could be exploited for Parrot drones within wireless range.

"Once my program kills the actual drone controllers, it causes the motors to stop and the drone falls off like a brick," Sasi said.

"But my backdoor instantly takes control so if the drone is really high in the air the motors can start again and Maldrone can prevent it from crashing."

The research, to be presented at Nullcon next month, could give attackers control of drones or access to on board video feeds to spy on subjects.

The code is different to previously-disclosed attacks in that it bypasses authentication and does not simply rely on cutting and then commandeering wireless connections.

Sasi said it could be combined with the Skyjack attack to make the backdoor wormable.

Parrot's drones already expose a "high level" API, Sasi said, which allows control via AT commands. While that API could be used to attack drones, Sasi wanted to find explicit backdoors in the machines.

Sasi spent five months reversing the proprietary AR Drone program.elf and developing Maldrone and would over the coming year attempt to hack industrial drones.

He said manufacturers should conduct security audits for drone software and noted Maldrone would need to be reworked to attack other drone makes. ®