Hackers Find a Weird New Way to Hijack DJI Drones

Andrew Heinzman

Review Geek

The DJI Air 2S drone.


A team of hackers at Michigan State University discovered a strange new way to hijack DJI-branded drones. According to assistant professor of computer science and engineering Qiben Yan, this exploit requires just one simple tool—a very bright light.

Although DJI drones are manually controlled by an operator, they use a AI imaging system to automatically detect and avoid obstacles. A more robust form of this imaging system could power autonomous drones in the future, when companies like Amazon adopt drones for quick deliveries.

Qiben Yan’s research shows that, if you shine a bright light into a DJI drone’s imaging system, it will mistake this light for an obstacle and move to avoid a collision. With an advanced system of lights or lasers, you could hijack a drone by triggering its obstacle avoidance system and forcing it to move in a desired direction.

Now, you don’t have to worry about a bunch of Michigan State Spartans stealing your drone. Assistant professor Yan describes his team as “white hat,” meaning that they report hacks and exploits to device manufacturers. Additionally, DJI is aware of the issue, and it’s not very concerned.

Here’s a statement that DJI’s head of North American communications Adam Lisberg provided to DroneDJ:

We strongly object to anyone describing this lighting trick as “hacking” a drone — it can’t truly take command of a drone, it doesn’t put any drone data at risk, and it doesn’t penetrate DJI’s strong cybersecurity protections …  Executing it in the real world would require unobscured access to a nearby drone, precise movements of carefully calibrated lights, and a lot of luck.

Adam Lisberg went on to say that DJI will consider this research in future products, which is obviously a good idea. While properly controlling a drone with lights is extremely difficult, hackers could use this exploit to remove a drone from its operator’s control—something that could lead to a broken drone (not a big deal) or a drone that falls on someone’s head (a very big deal).

This exploit also has some implications outside the world of drones. Most autonomous vehicles, including self-driving cars, rely on AI imaging systems to avoid accidents or traffic violations. If these imaging systems can be manipulated by any means, then we’re in trouble.

Here’s the good news; assistant professor Yan says that DJI could resolve this vulnerability with more advanced software or light-intercepting hardware. Maybe drones of the future will have big plastic bug eyes that prevent harsh light from screwing with their imaging systems.

Continue Reading

Loading data