Hackers found a way to intercept the DroneID identification protocol for drones, spending a little time and several hundred dollars.
DroneID became the subject of controversy in the spring of 2022, when the Ukrainian government criticized DJI for Russian military forces using DJI drones to target their missiles and intercepting radio signals transmitted by Ukrainian DJI drones to locate Ukrainian military personnel. The fact is that a Chinese company has long been selling a suitcase-sized Aeroscope tracker to government regulatory and law enforcement agencies that allows you to receive and decode DroneID data, determining the location of any drone and its operator at a distance of up to 50 km, writes wired.com.
How can I intercept DroneID and calculate the drone operator
The DroneID protocol and the Aeroscope device were originally created to secure airport runways, protect public events, and detect smuggling using commercial drones. However, the Russians have begun using Aeroscope to track Ukrainian drones and their operators, which carries great risks for the latter. Ukrainian officials turned to the developer company and they answered that they were categorically against the use of any of their products for military purposes, both by one side and the other.
In a commentary to the Verge, DJI representatives stated that the DroneID drone identification protocols are securely encrypted and can only be installed using a special device – Aeroscope. However, it turned out that cybersecurity expert Kevin Finisterre was able to determine the DroneID using the Ettus software-defined radio, which anyone can buy.
German researchers also debunked DJI’s claim about encryption. They analyzed the firmware of one DJI model and at what frequencies it keeps in touch with the operator. After that, they managed to recreate the DroneID of the drone. But that’s not all: experts have created a tool that can calculate DroneID using Ettus and even a cheaper analogue of HackRF, which costs only a few hundred dollars. With this low-cost setup and dedicated software, the signal can be completely decoded to find the location of the UAV operator, just like the Aeroscope does. Although the distance between the devices was small – a maximum of 9 m, experts say that it is possible to expand the radius by adding special settings.
Another hacker, University of Tulsa graduate Conner Bender, discovered that a HackRF-based system he created with a custom antenna could receive DroneID data from hundreds of meters away.
“Being able to identify a drone operator is now something of a holy grail in terms of targeting,” says August Cole, research fellow at the Atlantic Council’s Scowcroft Center for Strategy and Security. “Being able to do it so easily has been a bit of an opening to this war.”
Earlier, we reported that with the help of drones, Ukrainian defenders managed to destroy several pieces of equipment of the Russian Armed Forces.
