#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Drone hacking | Breaking Cybersecurity News | The Hacker News

Alert: New Electromagnetic Attacks on Drones Could Let Attackers Take Control

Alert: New Electromagnetic Attacks on Drones Could Let Attackers Take Control

Jun 28, 2023 Firmware Security / Tech
Drones that don't have any known security weaknesses could be the target of electromagnetic fault injection (EMFI) attacks, potentially enabling a threat actor to achieve arbitrary code execution and compromise their functionality and safety. The research comes from IOActive, which  found  that it is "feasible to compromise the targeted device by injecting a specific EM glitch at the right time during a firmware update." "This would allow an attacker to gain code execution on the main processor, gaining access to the Android OS that implements the core functionality of the drone," Gabriel Gonzalez, director of hardware security at the company, said in a report published this month. The  study , which was undertaken to determine the current security posture of Unmanned Aerial Vehicles (UAVs), was carried out on  Mavic Pro , a popular quadcopter drone manufactured by DJI that employs various security features like signed and encrypted firmware, Trusted Executi
Hacker Sold Stolen U.S. Military Drone Documents On Dark Web For Just $200

Hacker Sold Stolen U.S. Military Drone Documents On Dark Web For Just $200

Jul 11, 2018
You never know what you will find on the hidden Internet ' Dark Web .' Just about an hour ago we reported about someone selling remote access linked to security systems at a major International airport for $10 . It has been reported that a hacker was found selling sensitive US Air Force documents on the dark web for between $150 and $200. Cybercrime tracker Recorded Future today reported that it discovered a hacker attempting to sell secret documents about the MQ-9 Reaper drone used across federal government agencies for only a few hundred dollars on a Dark Web forum last month. First introduced in 2001, the MQ-9 Reaper drone is currently used by the U.S. Air Force, the U.S. Navy, U.S. Customs and Border Protection, NASA, the CIA, and the militaries of several other countries. The tech intelligence's Insikt Group analysts found the hacker during their regular monitoring of the dark web for criminal activities. They posed as potential buyers and engaged the new
How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Is Your DJI Drone a Chinese Spy? Leaked DHS Memo Suggests

Is Your DJI Drone a Chinese Spy? Leaked DHS Memo Suggests

Dec 04, 2017
The United States Department of Homeland Security (DHS) has recently accused Da-Jiang Innovations (DJI), one of the largest drone manufacturers, of sending sensitive information about U.S. infrastructure to China through its commercial drones and software. A copy memo from the Los Angeles office of the Immigration and Customs Enforcement bureau (ICE) has begun circulating online more recently, alleging "with moderate confidence" that DJI drones may be sending US critical infrastructure and law enforcement data back to China. However, the bureau accessed "with high confidence" that this critical data collected by the DJI systems could then be used by the Chinese government to conduct physical or cyber attacks against the U.S. critical infrastructure and its population. The memo goes on to specify the targets the Chinese Government has been attempting to spy on, which includes rail systems, water systems, hazardous material storage facilities, and constructio
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
You Can Hijack Nearly Any Drone Mid-flight Using This Tiny Gadget

You Can Hijack Nearly Any Drone Mid-flight Using This Tiny Gadget

Oct 27, 2016
Now you can hijack nearly any drone mid-flight just by using a tiny gadget. Security researcher Jonathan Andersson has devised a small hardware, dubbed Icarus, that can hijack a variety of popular drones mid-flight, allowing attackers to lock the owner out and give them complete control over the device. Andersson, who is the manager of Trend Micro's TippingPoint DVLab division, demonstrated this new hack at this year's PacSec security conference in Tokyo, Japan on Wednesday. Besides Drones, the new gadget has the capability of fully hijacking a wide variety of radio-controlled devices, including helicopters, cars, boats and other remote control gears that run over the most popular wireless transmission control protocol called DSMx. DSMx is a protocol used to facilitate communication between radio controllers and devices, including drones, helicopters, and cars. This is not the first hardware that can hijack drones mid-flight . There are jamming devices available in
Hacker Hijacks a Police Drone from 2 Km Away with $40 Kit

Hacker Hijacks a Police Drone from 2 Km Away with $40 Kit

Apr 01, 2016
A researcher has demonstrated how easy it is to steal high-end drones, commonly deployed by government agencies and police forces, from 2 kilometres away with the help of less than $40 worth of hardware . The attack was developed by IBM security researcher Nils Rodday, who recently presented his findings at Black Hat Asia 2016. Hacking the $28,463 Drone with Less than $40 of Hardware Rodday explained how security vulnerabilities in a drone's radio connection could leverage an attacker ( with some basic knowledge of radio communications ) to hijack the US$28,463 quadcopters with less than $40 of hardware. Rodday discovered ( PPT ) two security flaws in the tested drone that gave him the ability to hack the device in seconds. First, the connection between drone's controller module, known as telemetry box, and a user's tablet uses extremely vulnerable ' WEP ' ( Wired-Equivalent Privacy ) encryption – a protocol long known to be 'crackable in sec
NASA HACKED! AnonSec tried to Crash $222 Million Drone into Pacific Ocean

NASA HACKED! AnonSec tried to Crash $222 Million Drone into Pacific Ocean

Feb 02, 2016
Once again the Red Alarm had been long wailed in the Security Desk of the National Aeronautics and Space Administration ( NASA ). Yes! This time, a serious hacktivism had been triggered by the Hacking group named " AnonSec " who made their presence in the cyber universe by previous NASA Hacks. The AnonSec Members had allegedly released 276 GB of sensitive data which includes 631 video feeds from the Aircraft & Weather Radars; 2,143 Flight Logs and credentials of 2,414 NASA employees, including e-mail addresses and contact numbers. The hacking group has  released a self-published paper named " Zine " that explains the magnitude of the major network breach that compromised NASA systems and their motives behind the leak. Here's How AnonSec Hacked into NASA The original cyber attack against NASA was not initially planned by AnonSec Members, but the attack went insidious soon after the Gozi Virus Spread that affected millions of systems a
Dutch Police Training Eagles to Take Down Rogue Drones

Dutch Police Training Eagles to Take Down Rogue Drones

Feb 01, 2016
You may have seen number of viral entertainment videos on the Internet, titled: Hawk attacks Drone! Angry Bird takes down Quadcopter, and the best one… Eagle attack: Drone Kidnapped by two Eagles, ...showing eagles, not-so-natural predators, attacking and bringing down drones when someone with a camera tries to invade their private airspace. Inspired from this: The  Dutch National Police  force is training eagles to take down rogue drones, instead of shooting them, using radio jammers,  net-wielding interceptor drones  or anti-drone rifle . We already know the role Sniffer Dogs play for Anti-Bomb squads in detecting hidden bombs and weapons. If dogs can be trained, so can eagles. Keeping this in mind, it is the first time any police authority has trained eagles to safely bring down bad quadcopters in emergency cases. Dutch police reportedly collaborated with a raptor training company called 'Guard From Above ', to train eagles to recogni
How Spy Agencies Hacked into Israeli Military Drones to Collect Live Video Feeds

How Spy Agencies Hacked into Israeli Military Drones to Collect Live Video Feeds

Feb 01, 2016
Featured Image Only. See Original leaked images below. In a joint surveillance program, the US intelligence agency NSA ( National Security Agency ) and the British intelligence agency GCHQ ( Government Communications Headquarters ) hacked into, decrypted, and tracked live video feeds of Israeli Military Drones and Fighter Jets . This could be one of the most shocking and embarrassing disclosures for Israel, who is the United States' ally and prides itself on its technical capabilities. Published by The Intercept, the newly released documents from the former NSA contractor Edward Snowden revealed that in an operation dubbed " Anarchist ," UK and US intelligence officials have been… ...regularly accessing Israeli drone cameras, allowing them to watch live video feeds from drones and fighter jets while Israel bombed Gaza and spied on Syria. But, how the intelligence officials were able to do so. Also Read: Google Wants to Fly Drones Over Your Head
First Ever Anti-Drone Weapon that Shoots Down UAVs with Radio Waves

First Ever Anti-Drone Weapon that Shoots Down UAVs with Radio Waves

Oct 15, 2015
While the US military continues to build more advanced unmanned aerial vehicles ( UAVs ), popularly known as Drones , the US company Battelle has developed a shoulder-mounted rifle to deal with unwanted drones flying around. Dubbed DroneDefender , the revolutionary weapon specifically designed to target and knock drones out of the sky at a range of just 400 meters, without totally destroying them. The Battelle DroneDefender utilizes radio waves to neutralize in-flight Drones and force them to land or hover or return to its point of origin. Video Demonstration You can watch the video given below to know how the DroneDefender works. It shows how the weapon is able to stop a drone in its tracks and cause it to land. The DroneDefender weighs less than 5 kilograms and can disable a hostile drone within a 400-meter radius. How does DroneDefender Work? As soon as the trigger is pulled, DroneDefender emits radio pulses that interrupt the communications system
How A Drone Can Infiltrate Your Network by Hovering Outside the Building

How A Drone Can Infiltrate Your Network by Hovering Outside the Building

Oct 07, 2015
Imagine you are sitting in your office and working on something confidential. Once you are done, you send a command to print that document. But, What if...  ...the whole confidential document send to a hacker attacking from the air? Sounds pity but may be your Boss fires you immediately if that confidential data is leaked or misused. This is no more an imagination now, as a group of researchers has done exactly the same. Researchers from Singapore have devised a unique set up consisting of a Drone that carries a smartphone running two custom apps that are capable of intercepting wireless printer transmissions, even from outside an office building. In short, hackers can gain access to your corporate network by using a smartphone-equipped drone to hack your printer. The project was developed by the researchers at iTrust , a research center at the Singapore University of Technology and Design. They developed two applications: Cybersecurity Patrol – To d
Design Flaws Make Drones Vulnerable to Cyber-Attacks

Design Flaws Make Drones Vulnerable to Cyber-Attacks

Oct 04, 2015
In the past, The Hacker News (THN) reported about various activities surrounding Drones. Whether it was the development of the first backdoor for drones ( MalDrone ), or Weaponized drones getting legal , or Drones hacking smartphones . And now the reports depict... Security Researcher has showcased a method that can be used to hack and hijack Unmanned Aerial Vehicles (UAVs) , more commonly known as DRONES . Senior AV researcher at HP Security Research Oleg Petrovsky demonstrated scenarios of cyber attacks targeting the flight controller of drones with analysis explaining how drones could become victims of cyber attacks. Petrovsky has analyzed configurations and controllers for various popular multi-rotor unmanned aerial vehicles (UAVs) to discover the weaknesses present in the already implemented cyber attacks. The research focuses on the flight controllers which is a microprocessor and comprises of: Input/Output Pins Multiple sensors onboard An acceler
THN Weekly Roundup — Top 14 Must-Read Cyber Security Stories

THN Weekly Roundup — Top 14 Must-Read Cyber Security Stories

Sep 07, 2015
We found a high concern for cybersecurity tactics and an increased awareness of the challenges that it brings. This week, we shared lots of stories with our readers, and to help them in identifying the biggest malware threats to their online safety. We are here with the outline of our last week stories, just in case you missed any of them ( ICYMI ). We recommend you read the entire thing ( just click ' Read More ' because there's some valuable advice in there as well ). Here's the list: ➢ How Hackers Can Hack Your Gmail Accounts? Getting smarter in their phishing tactics, hackers have found out ways to fool Gmail's tight security system by bypassing its two-step verification. Hackers are now using text messages and phone-based phishing attacks to circumvent Gmail's security and take over your Gmail accounts. — Read more . ➢ Not Just Windows 10, Windows 7 and 8 Also Spy on You Laughing at controversial data mining and privacy invasion featur
Two Arrested For Dropping Drugs And Porn Into Prison Using A Drone

Two Arrested For Dropping Drugs And Porn Into Prison Using A Drone

Aug 25, 2015
The use of Unmanned Aerial Vehicles (UAVs), popularly known as Drones, is rapidly transforming the way crimes are conducted, and this story helps prove this right. Maryland State Police arrested two men  –  Thaddeus Shortz and Keith Brian Russell  –   suspected of allegedly trying to smuggle drugs and porn into a state prison using a drone , according to law enforcement authorities. The men, with the intention to fly a Yuneec Typhoon drone into local jails, were arrested near the Western Correctional Institution and the North Branch Correctional Institution in Cumberland, Maryland late Saturday. The authorities seized: A Yuneec Typhoon drone , which retails for around $1,300 Synthetic marijuana (also known as " Spice ") Pornographic DVDs Tobacco Prescription drugs A mobile phone A loaded pistol However, the pistol likely was not going to be carried by the drone as it was apparently too heavy that it probably would have weighed down the aircr
How Drones Can Find and Hack Internet-of-Things Devices From the Sky

How Drones Can Find and Hack Internet-of-Things Devices From the Sky

Aug 08, 2015
Security researchers have developed a Flying Drone with a custom-made tracking tool capable of sniffing out data from the devices connected to the Internet – better known as the Internet-of-things. Under its Internet of Things Map Project , a team of security researchers at the Texas-based firm Praetorian wanted to create a searchable database that will be the Shodan search engine for SCADA devices. Located More Than 1600+ Devices Using Drone To make it possible, the researchers devised a drone with their custom built connected-device tracking appliance and flew it over Austin, Texas in real time. During an 18 minute flight, the drone found nearly 1,600 Internet-connected devices , of which 453 IoT devices are made by Sony and 110 by Philips. You can see the full Austin map here . How did They locate Internet of Things Devices? The researchers located all ZigBee-enabled smart devices and networks and then started expanding their research. "When [I
Cybersecurity Resources