A security researcher from IBM has said that a $20,000 to $35,000 police drone used for surveillance can be hacked with a $40 kit. Vulnerabilities of the flying machine allow it to be controlled or knocked out of the sky within a mile range. Findings were presented at the RSA security conference in San Francisco on March 2. A security researcher showed how flaws in the security of the drone’s radio connection allowed him to take full control over the unmanned machine with just a laptop and a cheap radio chip connected via USB.
The researcher, who works with IBM but conducted the drone research while working as a graduate researcher at the University of Twente in the Netherlands, won’t reveal the specific drone he tested or who sells it. He hinted, however, that the drone did have a flying time of about 40 minutes and that it was deployed by many police and fire departments. He has alerted the drone’s manufacturer to the security flaws he’s found, and the company plans to fix the issue in the next version of the quadcopter that it sells. Since the drones don’t connect to the internet, there isn’t an easy fix for those that have already been manufactured. They can’t just download the new upgrade like we do with our iPhones.