Drone Security and the Mysterious Case of DJI’s Drone ID investigates the security and privacy claims for drones, focusing on DJI, the leading manufacturer with a market share of 94%. The authors begin by categorizing the drone attack surface and examining the potential for an attacker to eavesdrop on the drone’s over-the-air data traffic. They reverse engineer DJI firmware to develop a decoder for DJI‘s proprietary tracking protocol DroneID, using inexpensive commercial off-the-shelf hardware. Their findings indicate that the data transmitted by the drone is not encrypted and is accessible to anyone, compromising the privacy of the drone operator.

In addition, the authors conduct a comprehensive analysis of drone security. They discover multiple critical flaws in drone firmware using a combination of reverse engineering, a unique fuzzing approach customized for DJI’s communication protocol, and hardware analysis. These flaws allow attackers to gain elevated privileges on two different DJI drones and their remote control. This root access enables them to disable or bypass countermeasures and exploit the drones. The researchers uncovered 16 vulnerabilities, including denial of service and arbitrary code execution. Fourteen bugs can be triggered remotely through the operator’s smartphone, allowing the drone to be crashed mid-flight.

Publication Date- 2023

Drone Security and the Mysterious Case of DJI’s DroneID contains the following main sections:

  1. Introduction
  2. Primer on DJI Drones
  3. Security Analysis Without Physical Access
  4. Security Analysis With Physical Access
  5. Discussion and Lessons Learned
  6. Related Work
  7. Conclusion

C-UAS Hub does not own this content and is providing a link at the bottom of the page for users to access the content in its original location. This provides the author(s) with the opportunity to track important article metrics related to their work. All credit goes to its rightful owner.

Authors- Nico Schiller, Merlin Chlosta, Moritz Schloegel, Nils Bars, Thorsten Eisenhofer, Tobias Scharnowski, Felix Domke, Lea Schönherr, Thorsten Holz

Companion News Article:

Security Vulnerabilities Found in DJI Drones