Hacked drones flying up, up and away over geofencing restrictions

Drone operators frustrated by geofencing are hopping the fence and hacking their way to fly way, way up and over what’s legal. And they’re more than able to do so, as drone maker DJI reportedly left development debug code in its Assistant 2 application. From @UAVHive, a group for hobbyists in Yorkshire, England:

DJI probably accounts for the vast majority of drone sales in the United States, so this code glitch makes for a hell of a lot of no-holds-barred unmanned aerial vehicles (UAVs) buzzing over our heads.

Some cynics wonder if rather than being a glitch, it could instead be a brilliant marketing ploy to get around flight restrictions, but per Hanlon’s razor, we won’t attribute to malice that which is adequately explained by incompetence, misunderstanding, or “Oops! Debug code left in production app!”

The manufacturer sent a statement to the Register, claiming to have fixed the problem with a firmware update:

A recent firmware update for Phantom 4 Pro, Phantom 4 Advanced, Phantom 3 Standard, Phantom 3 SE, Mavic Pro, Spark, and Inspire 2, among others, fixes reported issues and ensures DJI’s products continue to provide information and features supporting safe flight. DJI will continue to investigate additional reports of unauthorised firmware modifications and issue software updates to address them without further announcement.

But one expert – Kevin Finisterre, one of multiple drone security experts who’ve been repeatedly warning DJI since at least April – says the update hasn’t stopped him from hacking away:

The bugs that I disclosed that were circulating in the underground have NOT been fixed for what it is worth.

The jailbreak has been proved on other DJI models besides Spark, including the Phantom and Inspire 2. The hack is a drop-dead simple change to settings. One YouTube video that shows operators how to tweak flight height to 2,500 feet is less than two minutes long.

That video, for what it’s worth, also offers this advice:

Don’t be an idiot using these settings.

For real?! To state the blindingly obvious, idiots are why geofencing exists. Drone operators have flown close to UAV-sucking jet engines on passenger planes, police helicopters, and firefighting aircraft. They’ve flown UAVs on to the White House lawn and above playgrounds, concussed at least one person at a parade, and aggravated at least one homeowner to the extent of “Hey, gadget! Have a taste of birdshot!!!” (Yup, and he had a right to do it, said the judge.)

You don’t even have to do the simple altitude restricion hack yourself. Anybody who wants to “fly your drone faster and higher than the legal limit” can call on a Russian hacking company called CopterSafe that offers hacked upgrades for DJI drones.

To be fair, drone operators have legitimate gripes about geofencing.

Take Sky 1, a UAV pilot who said that they had a paid gig near a stadium they couldn’t fly over because their DJI drone labelled it a red, no-fly zone. They were also restricted from flying inside the Class D airspace of an airport, even though, they claimed, they had received permission.

As the Register reports, users authorized to fly in restricted areas can either unlock these zones using DJI’s GEO system or by submitting a request via email. Apparently, as somebody who claimed to be a law enforcement operator said, that’s all way too klunky:

I have said it before, when you purchase a car, it does not come with a daggum BABYSITTER!!!!!!!!!!!! Your trusted to abide by the rules and regulations!!! And as a Law Enforcement Operator, I AM NOT WAITING 5 DAYS to get authorization when I have all other paperwork in line and I need to fly NOW!!!!!!!!

I’ve got a request for comment in to DJI and will update the story if I hear back.