Glaring Vulnerabilities Make Many Commercial Drones ‘Insecure by Design’

Slashdot reader msm1267 quotes ThreatPost:
Drones, many readily available on ecommerce shops such as Amazon, are plagued by vulnerabilities that could give attackers full root access, read or delete files, or crash the device. The United States Computer Emergency Readiness Team (US-CERT) published a warning about one model, the DBPOWER U818A WiFi quadcopter, last month, but according to the researcher who reported the vulnerabilities, multiple drone models — manufactured by the same company but sold under different names — are also vulnerable. They contain two appealing attack vectors: an open access point and a misconfigured FTP server. If an attacker was within WiFi range of the drone they could easily obtain read and write permissions to the drone’s filesystem and modify its root password… Like any attack dependent on Wi-Fi, an attacker would need to be in close proximity to the drone to carry out an attack, but an attacker could connect their computer to the drone access point, essentially treating it as a proxy to spy on the device’s live feed or the drone’s open ports.

Read more of this story at Slashdot.


Leave a Reply