A consumer drone's communication protocol was successfully reverse-engineered, allowing unauthorized control of takeoff and landing functions using just a laptop computer.
Working with a Parrot Anafi drone, which creates its own Wi-Fi network for controller connectivity, researchers analyzed the communication patterns between the drone and its legitimate controller. By capturing and studying the data packets exchanged during normal operations, they identified specific commands responsible for initiating takeoff and landing sequences.
The investigation revealed that the drone uses UDP (User Datagram Protocol) packets with distinct hexadecimal payloads for different commands. After analyzing multiple takeoff and landing sequences, researchers isolated the exact packet structure needed to replicate these commands.
Using a simple Python script, they were able to send unauthorized takeoff and landing commands directly from a laptop connected to the drone's Wi-Fi network. The drone responded to these commands even though the laptop was not the official controller.
The researchers discovered they could:
- Force the drone to take off without using the controller
- Make the drone land on command
- Prevent legitimate takeoff attempts by continuously sending landing signals
- Block authorized landing attempts by spamming takeoff commands
This security weakness means any device connected to the drone's Wi-Fi network could potentially hijack basic flight controls. The drone accepted these unauthorized commands without any authentication requirements.
The findings highlight potential vulnerabilities in consumer drone systems that rely on Wi-Fi connectivity. This type of security research helps identify weaknesses in IoT devices before they can be exploited maliciously.
While this particular case focused on a single drone model, it demonstrates why manufacturers need to implement stronger authentication and encryption in their drone communication protocols to prevent unauthorized control.