DJI Drohnen Überwachung ! Forscher finden 16 schwere Sicherheitsmängel! Was musst du jetzt tun ?

you have to imagine that you are standing in the field or somewhere else in good weather you are happy to be flying here with your drone taking incredibly cool photos and then the next thing happens someone else takes control of your drone you don't I don't think you are in time for the start of the threatened season. Unfortunately, this year there is a lot of negative news that I would like to show you here in this video. Computer scientists at Ruhe University Bochum have discovered 16 security flaws in almost all DJI drones, some of which are serious.

These now allow, for example, the serial number of the drone to be changed to override the location of the drones by security authorities, the built-in flight lock near the airport could also be bypassed in certain attack scenarios, the drone could even be shot down from afar and that with commercially available and freely available technical components on the market all the details as well as the possibilities of what you absolutely have to do now to protect yourself, you can now find out in my video, I hope you have a lot of fun watching, let's go over your scenario again, you can't do anything anymore, the drone can no longer be controlled, someone else has taken control of your drone, in the worst case they can crash it, but already your drone is of course registered with you and your name in the Federal Aviation Office, of course, completely different things can happen or if you misuse the drone, what else will happen to you?

I don't want to imagine that now write me the comments what would you do your drone is flying you have lost the controls someone else has the controls of this drone what are you doing I would hardly think of anything in this case, so to speak, at first I would be surprised and think about what? What can I do with what I just presented to you here? Of course, it's a horror scenario and we hope none of us understand it. For further introduction, of course, you must first understand the technical data. There has been a DJI security system for years and you should know that the Chinese companies DJI not only manufacture the best-selling drones in the world but also a system to monitor their flight movements, of course, and also to prevent them if necessary, this system is called eroskop if you want to know more about this, there is a really great video about it, which is in English, but now I am using some excerpts from this video to show you that to clarify a little more, of course, I linked this video here on the description of my video, well now to the topic of the eroscope, it is well known that this system exists but of course this system can also be purchased freely on the market, as you can see here it consists of an antenna e in one unit stationary and associated software, the eroscope system is compatible with all DJI models.

Analysts estimate that DJI drones make up about two-thirds of the global civil drone market, but this eroscope system allows operators to collect telemetry data from all DJs in the country. In fact, it is a threatening tagging system that provides security teams at airports. prisons, national borders and security facilities with the necessary data to be effectively and quickly protected from intruder attacks, drug shipments, abuse and of course it has to be because there are not only those. By intercepting the current communications link between a DJI drone and its remote controller, friendly drone pilots like us can eroscope identification information in real time, including serial code, make, model, position, speed, latitude and provide the pilot's position, allowing operators to take action against the drone threat and at the same time dispatch police security teams to the pilot's condition.

Of course, it's a little tricky to keep an eye on this video and that's why I'm trying it here. Sometimes I also slow down because it is important to understand that this system is of course inevitable, which probably none of us will doubt here, but to understand the following text you have to imagine what happens when you look at this eroscope system information . You could just build your own system. All I can do that, so I couldn't and probably most of you couldn't either, but the scientific and technically experienced. Talents can do it easily and now you will think because the data from my drone to the DJI surveillance systems is encrypted and it is the DJI system itself that is intended to prevent criminal misuse and this is exactly where the researchers from the University of the Ruhr are starting now. his published report.

Naturally, the question arises as to how safe the safety protocols are against misuse of flying robots, planes can take off, and safety mechanisms are built into most modern drones to prevent flights that endanger use. and air traffic, so-called geofensing prevents threats from entering. no-fly zones and the integrated software restricts the altitude and flight speed, explained Nico Schiller of the Ruhr University in Bochum to detect drug transports and other criminal purposes, the drones from the manufacturer DJI also regularly transmit their position and that of its pilots through a specific protocol, i.e. Drone ID, which of course allows authorized bodies to use security authorities or critical infrastructure operators if there is suspicion of criminal access.

I hope you can still follow me to some extent, that's the question here. about how secure these protocols are against unauthorized access Schiller and his team therefore have DJI drones in m. Possible security gaps were examined, including the DJI mini 2, DJI r2s and the large models, the Mavic 2 and Mavic 3, which do not mean that the other DJI drone models are not affected, they were simply not selected. for this test. This is very important. The researchers first tested the Drone ID protocol to see how well it protects against unauthorized interference. To do this, they use reverse engineering from DJI. firmware and the radio signal emitted by the drones to analyze the undocumented tracking protocol in more detail for the first time if I can know what reverse engineering is, but the explanation itself is relatively complicated, so it is the process of analyzing a system S with the aim of identifying the components of the system and their relationships with each other and the representations of the system in a different way, a higher level of abstraction than e.

But now it's getting really exciting, because researchers said we were able to show that the transmitted data is not encrypted, but the location of the pilot and the drone can be read by anyone with relatively simple means, Schiller reports, so, Of course, you can't tell here and the hammer is only for the prototype decoder. Free marketable components were used. A single intercepted pay ID signal was enough to assign the drone and the pilot. In the next step, the scientists examined whether they were also actively involved in the communication and operation of the drones, but we connected the drone to a laptop. and first we saw how we can communicate with it and what interfaces are available to us, explained Schiller, who stated that communication is usually done through a single protocol called double and then sends commands to the drone in packets.

The research team then developed an algorithm that generated a large number of random double entries and then sent them to the test spaces. The researchers said we found 15 software bugs that caused the software to crash or other types of unexpected behavior. Because of this, you need to understand some vulnerabilities that even allowed attackers to gain expanded access rights on the system so that an attacker can change the lock data and serial number to disguise their identity, which does not appear later in the movie. In addition, the position of the drone and pilot transmitted through the drone ID can be spoofed in this way DJI also takes extensive precautions to avoid threats of flying over airports or other restricted areas.

These mechanisms can also be bypassed, but of course the fact that the weak points also allow the attacker to manipulate the drone in flight and even crash it, the only requirement for this is that the attacker has access to the remote control through the device corresponding and now you think you have a remote control of course and nothing can happen, which can also happen by hacking the smartphone if the drone pilot connects with the threat controller. According to researchers, there is a clear need for improvement in drones and I agree with the opinion that, regardless of who uses a drone, it must meet the safety standards guaranteed by the manufacturer and must be able to rely one hundred percent on the integrity of the systems, according to Schiller and his colleagues informed DJI about the 16 vulnerabilities found before publication, which of course I think is very fair for those who want to read it all again, the team led by Nico Schiller of the Institute Horst Görtz from IT Security at Ruhr University Bochum presented the results at The ndss conference took place from February 27 to March 3, 2023 in San Diego, USA, but now the question naturally arises as to what can do to protect yourself and there is a positive response because DJI has now released a security update that you should cancel. these bugs completely but the problem is that in 2017 there was the same scandal about unencrypted data and DJI also said yes we released an update and that doesn't happen anymore so my personal opinion is please get rid of this garbage .

I want to be able to fly properly. With my drone I don't want anyone else to hack me, of course there are always hackers and there are always people who work as a kind of antithesis of good people and somehow plan bad things that can happen but there are 16 security breaches discovered by researchers who then build everything again themselves with commercially obtainable materials, then I don't want to know what's going on here in the dark in secret, so to speak, and I don't want to know either. I just want to fly safely with my DJI drone and I can trust DJI to encrypt my data.

What do you think of this gan zen story? You like to write my comments here. Please only proper comments and not just three words and that's bullshit or something. otherwise no one can do anything with it, that's a topic that really affects all DJI threat pilots here and that's why just write it here, my comments, let's discuss what happened here and what happened here with So, I say thank you very much for watching until the next video. And so, goodbye, goodbye and angle.