An Indian security researcher, Rahul Sasi, has just examined the AR Drone 2.0 from the French manufacturer Parrot. The drone lets beginners get a taste of model flying by piloting a semi-automated drone from an application running on a smartphone or tablet.
He discovered a flaw in the system that manages the drone, which makes it possible to install a persistent backdoor. The backdoor, Maldrone, is installed directly in the piloting and navigation software, in the part of the code that handles takeoff and automatic landing as well as hovering.
An attacker who exploits this flaw can then take remote control of a drone, pilot it and control the camera. Once the backdoor is installed, a simple factory reset is not enough to remove it; the device's firmware has to be reflashed, which is not necessarily within the reach of the average user Parrot targets.
Worse, the hack can be combined with Skyjack to turn the backdoor into a worm that spreads to more and more devices.
The researcher's results will be presented at the Nullcon conference to be held in Goa at the start of next year. In the meantime, he recommends that Parrot conduct security audits of the design of its drone software.