"Hack Allows Drone Takeover Via 'ExpressLRS' Protocol"

A flaw in the mechanism that connects the transmitter and receiver makes a radio control system for drones vulnerable to remote takeover. The popular ExpressLRS protocol for radio-controlled (RC) aircraft can be hacked in just a few steps, according to researchers. ExpressLRS is an open-source long-range radio link designed for RC applications like first-person view (FPV) drones. Its creators said it was designed to be the best FPV Racing link. The hack employs a highly optimized over-the-air packet structure, providing simultaneous range and latency advantages. The protocol is vulnerable because some of the information sent over-the-air packets is link data that a third party can use to hijack the connection between the drone operator and the drone. Anyone who can monitor traffic between an ExpressLRS transmitter and receiver can hijack the communication, giving them complete control of the target craft. An already-flying aircraft would most likely experience control problems, resulting in a crash. This article continues to discuss the source, potential exploitation, and impact of the vulnerability in the drone protocol. 

Threatpost reports "Hack Allows Drone Takeover Via 'ExpressLRS' Protocol"