Notices
The Clubhouse If it doesn't fit in any other category and is about general RC stuff then post it here at the Clubhouse.

DSMX hacked?

Old 10-27-2016, 07:29 AM
  #1  
franklin_m
Thread Starter
 
franklin_m's Avatar
 
Join Date: Nov 2005
Location: State College, PA
Posts: 4,561
Likes: 0
Received 1 Like on 1 Post
Default DSMX hacked?

I can't imagine that the other protocols can't be far behind. More than a little concerning that Horizon Hobby would not comment. I'm reminded of what a wise public affairs officer once told me: "Bad news is like dead fish, it doesn't smell better with time."

http://www.pcworld.com/article/31361...-hijacked.html
Old 10-27-2016, 08:09 AM
  #2  
porcia83
Banned
My Feedback: (8)
 
Join Date: Jul 2009
Location: Hartford, CT
Posts: 7,269
Likes: 0
Received 1 Like on 1 Post
Default

Originally Posted by franklin_m
I can't imagine that the other protocols can't be far behind. More than a little concerning that Horizon Hobby would not comment. I'm reminded of what a wise public affairs officer once told me: "Bad news is like dead fish, it doesn't smell better with time."

http://www.pcworld.com/article/31361...-hijacked.html
There isn't a protocol out there that can't be hacked. HH not commenting immediately is nothing surprising or shocking in any way, . Perhaps what worked for the military public relations machine back in the past doesn't quite fit modern day communication standards. Chances are they will actually research the issue and give a well thought out response rather than just issue an immediate comment. A lot goes into media releases, even more so when it can/might have an effect on the bottom line.
Old 10-27-2016, 08:27 AM
  #3  
init4fun
 
init4fun's Avatar
 
Join Date: May 2009
Posts: 4,354
Received 49 Likes on 43 Posts
Default

And people called me nutz for saving all my old 72 MHZ gear .
Old 10-27-2016, 09:20 AM
  #4  
franklin_m
Thread Starter
 
franklin_m's Avatar
 
Join Date: Nov 2005
Location: State College, PA
Posts: 4,561
Likes: 0
Received 1 Like on 1 Post
Default

Originally Posted by porcia83
Perhaps what worked for the military public relations machine back in the past doesn't quite fit modern day communication standards.
What prompted the ad hominem attack on the military? For the vast majority of my career we were taught that within the limits of security and privacy, we were taught to be open and honest, but stick to the facts,

How hard would it be to say this? "We are aware of the reports and we are investigating. We take this matter seriously. Pending the results of the investigation, we will comment and take action if warranted."
Old 10-27-2016, 09:33 AM
  #5  
porcia83
Banned
My Feedback: (8)
 
Join Date: Jul 2009
Location: Hartford, CT
Posts: 7,269
Likes: 0
Received 1 Like on 1 Post
Default

Originally Posted by init4fun
And people called me nutz for saving all my old 72 MHZ gear .
Long live the antenna !!!

Attached Thumbnails Click image for larger version

Name:	futaba_fp_t4fn_72.jpg
Views:	456
Size:	106.3 KB
ID:	2187750  
Old 10-27-2016, 09:46 AM
  #6  
porcia83
Banned
My Feedback: (8)
 
Join Date: Jul 2009
Location: Hartford, CT
Posts: 7,269
Likes: 0
Received 1 Like on 1 Post
Default

Originally Posted by franklin_m
What prompted the ad hominem attack on the military? For the vast majority of my career we were taught that within the limits of security and privacy, we were taught to be open and honest, but stick to the facts,

How hard would it be to say this? "We are aware of the reports and we are investigating. We take this matter seriously. Pending the results of the investigation, we will comment and take action if warranted."
Oh please, who attacked the military, that is a desperate diversionary ploy there. It's interesting to hear and see what you were taught when you were active duty, back in the day. That was then, and this is now. That was military, this is civilian. If you don't see what the difference is there, and how the two entities would respond, there's nothing I can say that would make a difference. Given your proposed response I can safely say you've never issued a press/media release, or at least not one that's ever dealt with civil litigation. Hint: less is more. There are far fewer concerns about a "no comment" than there are those that will attack and parse what those three sentences. And don't misunderstand, I'd like to see more and be comforted by that kind of language as an end user or consumer, but that's just not what really happens anymore.
Old 10-27-2016, 11:40 AM
  #7  
franklin_m
Thread Starter
 
franklin_m's Avatar
 
Join Date: Nov 2005
Location: State College, PA
Posts: 4,561
Likes: 0
Received 1 Like on 1 Post
Default

Originally Posted by porcia83
Oh please, who attacked the military, that is a desperate diversionary ploy there. It's interesting to hear and see what you were taught when you were active duty, back in the day. That was then, and this is now. That was military, this is civilian. If you don't see what the difference is there, and how the two entities would respond, there's nothing I can say that would make a difference. Given your proposed response I can safely say you've never issued a press/media release, or at least not one that's ever dealt with civil litigation. Hint: less is more. There are far fewer concerns about a "no comment" than there are those that will attack and parse what those three sentences. And don't misunderstand, I'd like to see more and be comforted by that kind of language as an end user or consumer, but that's just not what really happens anymore.
Oh, let's see. Formal training with actual journalists asking questions. Complete with video tape and debrief (still have video in fact). Handled actual event that was national news story (misconduct by senior officer). Actual event related to civilian water allocations. Speaking at to legislators / legislative bodies on policy.

Why do you think there's firms out there who's business it is to do crisis communications? No comment may work for politicians, but it doesn't work for safety issues. Just ask Tanaka. Just ask VW.
Old 10-27-2016, 12:29 PM
  #8  
ppljr
My Feedback: (94)
 
ppljr's Avatar
 
Join Date: Apr 2002
Location: Grapevine, TX
Posts: 336
Likes: 0
Received 1 Like on 1 Post
Default

This system is called Icarus...

https://youtu.be/2YjQPPc5VW4

Last edited by ppljr; 10-27-2016 at 12:31 PM.
Old 10-27-2016, 12:43 PM
  #9  
ira d
 
Join Date: May 2003
Location: Maricopa County AZ
Posts: 3,249
Received 5 Likes on 5 Posts
Default

Originally Posted by porcia83
There isn't a protocol out there that can't be hacked. HH not commenting immediately is nothing surprising or shocking in any way, . Perhaps what worked for the military public relations machine back in the past doesn't quite fit modern day communication standards. Chances are they will actually research the issue and give a well thought out response rather than just issue an immediate comment. A lot goes into media releases, even more so when it can/might have an effect on the bottom line.
As far as sending a a high level signal that overshadowes the legitimate signal otherwise know as jamming yes all protocols can be jammed. But as for hacking a proper designed system that should be extremely difficult
and only by using equipment not readily available to the average person.
Old 10-27-2016, 04:10 PM
  #10  
porcia83
Banned
My Feedback: (8)
 
Join Date: Jul 2009
Location: Hartford, CT
Posts: 7,269
Likes: 0
Received 1 Like on 1 Post
Default

Originally Posted by ira d
As far as sending a a high level signal that overshadowes the legitimate signal otherwise know as jamming yes all protocols can be jammed. But as for hacking a proper designed system that should be extremely difficult
and only by using equipment not readily available to the average person.
It can all be jammed, replicated, copied, etc etc. Like all the other emerging "what if" doom and gloom stuff I continue to ask for examples and some statistical probability studies of it happening. We'll never see them, for obvious reasons.
Old 10-27-2016, 04:42 PM
  #11  
2walla
My Feedback: (10)
 
Join Date: Mar 2003
Location: walla walla, WA
Posts: 732
Received 0 Likes on 0 Posts
Default

Futaba already did this when the sent out a bunch of transmitters with the guid set to the same number years ago...
Old 10-27-2016, 05:03 PM
  #12  
ira d
 
Join Date: May 2003
Location: Maricopa County AZ
Posts: 3,249
Received 5 Likes on 5 Posts
Default

Originally Posted by porcia83
It can all be jammed, replicated, copied, etc etc. Like all the other emerging "what if" doom and gloom stuff I continue to ask for examples and some statistical probability studies of it happening. We'll never see them, for obvious reasons.
I no all can be easily jammed but replicated not so easy. Can it be done yes but not by the average RC flyer in fact I believe there are already commercially available jammers on the market but replicators I have not
heard of any.
Old 10-29-2016, 04:10 AM
  #13  
flyinwalenda
My Feedback: (5)
 
flyinwalenda's Avatar
 
Join Date: Oct 2009
Location: Northeast, PA
Posts: 3,975
Likes: 0
Received 1 Like on 1 Post
Default

If you watch the video you can see what appears to be a hard reset occurring on the receiver and not a handshake takeover. This looks more like a "crashing" device.
I suppose if the model was high enough control could be established after a reset but rather doubtful.

I don't think one can dismiss this along the lines of " well everything out there can be hacked" and even though a device like this would never get current FCC approval that still wouldn't stop someone from building/buying/using one.

Probably Spektrum can add some encryption to prevent this from working but it may not be as simple as a firmware upgrade considering a lot of receivers can't be upgraded.

https://www.youtube.com/watch?v=abl6oOxLRXs&feature=youtu.be
Old 10-29-2016, 04:42 AM
  #14  
porcia83
Banned
My Feedback: (8)
 
Join Date: Jul 2009
Location: Hartford, CT
Posts: 7,269
Likes: 0
Received 1 Like on 1 Post
Default

Originally Posted by flyinwalenda
If you watch the video you can see what appears to be a hard reset occurring on the receiver and not a handshake takeover. This looks more like a "crashing" device.
I suppose if the model was high enough control could be established after a reset but rather doubtful.

I don't think one can dismiss this along the lines of " well everything out there can be hacked" and even though a device like this would never get current FCC approval that still wouldn't stop someone from building/buying/using one.

Probably Spektrum can add some encryption to prevent this from working but it may not be as simple as a firmware upgrade considering a lot of receivers can't be upgraded.

https://www.youtube.com/watch?v=abl6oOxLRXs&feature=youtu.be
and yet, the reality is all of this stuff can get hacked, so what? This is nothing more than a continuation of the doom and gloom, what is the worst thing that can/might/may happen in the future, and oh the humanity of it all. Lost in any conversation is the probability of it happening. Not as flashy.

I posted a link to a story about a passenger hacking into the flight systems of an actual plane while in flight....and not a peep out of that story. But oh god, think of downside to our toys being hacked. lol.
Old 10-29-2016, 05:51 AM
  #15  
Flypaper 2
Senior Member
 
Join Date: Mar 2002
Location: Kingston, ON, CANADA
Posts: 4,925
Likes: 0
Received 3 Likes on 3 Posts
Default

I can see one of these being used on one of these new full sized remote controlled cars and tractor trailers. Crank that tractor trailer up to full throttle on a highway, with no one controlling it.
Why can't these guys design a system that will make our radios IMUNE to interference.
Either that or dump this stuff the dumpster and go flying instead.
Old 10-29-2016, 06:19 AM
  #16  
porcia83
Banned
My Feedback: (8)
 
Join Date: Jul 2009
Location: Hartford, CT
Posts: 7,269
Likes: 0
Received 1 Like on 1 Post
Default

Originally Posted by Flypaper 2
I can see one of these being used on one of these new full sized remote controlled cars and tractor trailers. Crank that tractor trailer up to full throttle on a highway, with no one controlling it.
Why can't these guys design a system that will make our radios IMUNE to interference.
Either that or dump this stuff the dumpster and go flying instead.
You mean like this?

http://www.cnbc.com/2016/10/25/drive...ing-truck.html
Old 10-29-2016, 06:57 AM
  #17  
Flypaper 2
Senior Member
 
Join Date: Mar 2002
Location: Kingston, ON, CANADA
Posts: 4,925
Likes: 0
Received 3 Likes on 3 Posts
Default

Now, if a remote beer truck went off the road in front of my house, that would be another thing.
Old 10-29-2016, 06:58 AM
  #18  
porcia83
Banned
My Feedback: (8)
 
Join Date: Jul 2009
Location: Hartford, CT
Posts: 7,269
Likes: 0
Received 1 Like on 1 Post
Default

Originally Posted by Flypaper 2
Now, if a remote beer truck went off the road in front of my house, that would be another thing.
Exactly, right?
Old 10-29-2016, 09:40 AM
  #19  
RCKen
RCU Forum Manager/Admin
My Feedback: (9)
 
RCKen's Avatar
 
Join Date: Jul 2002
Location: Lawton, OK
Posts: 27,759
Likes: 0
Received 27 Likes on 24 Posts
Default

I normally try to stay out of discussions like this. But this one is indeed intriguing, and in some aspects just outright scary. While I don't fly a radio using DSMx I have attended and covered plenty of events where I have seen many large models and jets that use JR and Spectrum equipment. It's really scary to think that somebody could at the least most take control of the plane and steal it away from the pilot, and at the least just block the signal and bring the model down..... quite possible where it could endanger spectators viewing the event.

Even worse was this article that I just found while researching more on this subject. Here's the title (and a link to the article):
How to take down irritating drones without shooting them out of the sky

I'm not going to enter into a petty back and forth argument that can sometimes occur when we get into subject matters such as this. That is not the purpose of my post here. I posted here simply to point out that their are people posting in respected places (ZDNet has been around for a long time and is on my list of IT sources that I use to keep myself updated for my daily job, and I've been using it for at list the last 10-12 years) to use this new found exploit for nefarious purposes such as bringing down a drone that's bothering you in your neighborhood. And you can even push that further that it could be used to do something bad, say it could damage another aircraft such as a commercial air liner, and the owner of the drone would be held responsible because it's his name on it. I think it would be really hard to prove that somebody hijacked him.

Now there is one good thing that does come from this. It does allow for a geo-fencing of an area, to at least keep out DSMx radios at least. If you had a no fly zone you could use the technology to take over and land and DSMx controlled aircraft. Here's an article from Business Insider that does talk about how this could be beneficial to law enforcement and other agencies to control overflight of drone.

There's now a way to hijack nearly any drone mid-flight using a tiny gadget

Anyway, I just wanted you guys to see this article. And I've said my piece. I'm going to gracefully bow out and let the discussion continue.

Ken

Last edited by RCKen; 10-29-2016 at 09:44 AM.
Old 10-29-2016, 10:05 AM
  #20  
porcia83
Banned
My Feedback: (8)
 
Join Date: Jul 2009
Location: Hartford, CT
Posts: 7,269
Likes: 0
Received 1 Like on 1 Post
Default

Good stuff, thanks for the links. Technology can be a double edged sword, that's for sure. Here is a comment from someone who actually did the "hack". Looks like all protocols are susceptible.

http://arstechnica.com/security/2016...&post=32136399

"To be clear, ALL the current RC systems are vulnerable to this timing injection attack. I was the one who picked DSMx as our first target because it's the most popular system, my favourite and the one I currently use for all my drones, planes, copters, boats and cars. The attack hardware was a teensy and a cyrf6936 transceiver from my friend at 1bitsquared.com, but we could have just as easily implemented it using the same teensy and a ML2724 to attack DJI and Futaba systems. The issue is that all the RC systems from ALL the manufacturers count on frequency hopping obfuscation to "hide" their broadcasts which are easily gathered en masse and reversed with an SDR, or by using a logic analyzer on their transmitters, there is no cryptographically secure authentication layer on any of the current systems. This timing attack is not difficult, just requires some low level radio and embedded system knowledge and about $100 in parts, and is only the tip of the iceberg in the potential attacks available on current systems. Timing is the low hanging fruit that we picked to attack and demonstrate first. We have further demonstrations planned and Would be glad to talk to any manufacturer about securing their gear. Jonathan will be us in drone hijacking as a lab excercise in his CanSecWest SDR Dojo training course next March, and I highly recommend this course for anyone interested in this area. There are many places this kind of system could be used to detect drones flying in restricted areas (because the attack system can also be used as a drone detection system passively) and to take them over and make them perform controlled landings in safe areas, rather than all the crude systems proposed so far, and we have even more interesting systems, demonstrations and applications planned for future presentations, with the next one likely being at the CanSecWest conferece after Jonathan's training. An interesting side note is that you can actually use a second attack system to hijack the first hijacker, so this gets complicated very quickly"

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Thread Tools
Search this Thread

Contact Us - Archive - Advertising - Cookie Policy - Privacy Statement - Terms of Service -

Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.