Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol

2022-07-07 11:31

The popular protocol for radio controlled aircraft called ExpressLRS can be hacked in only a few steps, according to a bulletin published last week.

The vulnerability in the protocol is tied to the fact some of the information sent over via over-the-air packets is link data that a third-party can use to hijack the connection between drone operator and drone.

Anyone with the ability to monitor traffic between an ExpressLRS transmitter and receiver can hijack the communication, which "Could result in full control over the target craft. An aircraft already in the air would likely experience control issues causing a crash."

The ExpressLRS protocol utilizes what is called a "Binding phrase," a kind of identifier that ensures the correct transmitter is talking to the correct receiver.

These packets leak much of the binding phrase's unique identifier - specifically, "75% of the bytes required to take over the link."

The author of the bulletin recommended the following actions be taken, to patch over the vulnerabilities in ExpressLRS. Do not send the UID over the control link.

News URL

https://threatpost.com/drone-hack-expresslrs-hijacked/180133/

#drone #hack #takeover

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Protocol		12	0	4	13	0	17