
Vulnerabilities in the ExpressLRS Protocol Enable the Takeover of Drones


Researchers at NCC Group have published an advisory describing vulnerabilities in the ExpressLRS protocol for radio-controlled (RC) drones that could let an attacker take control of a receiver, and with it the unmanned vehicle it is fitted to.

ExpressLRS is a high-performance open-source radio control link designed for maximum range at minimal latency. According to the advisory, an attacker who observes the traffic between a transmitter and its bound receiver can then take over that receiver using nothing more than an ordinary ExpressLRS-compatible transmitter.

Weaknesses in the binding process let an attacker recover part of the identifier shared by the receiver and transmitter. Analysis of that part, combined with a brute-force search, yields the remainder. With the full identifier in hand, the attacker can use their own transmitter to control the craft carrying the receiver without ever knowing the binding phrase. The attack is entirely software-based and needs only standard ExpressLRS-compatible hardware.

“ExpressLRS uses a ‘binding phrase’, built into the firmware at compile time to bind a transmitter to a receiver. ExpressLRS states that the binding phrase is not for security, it is anti-collision.” reads a bulletin published by NCC Group.

“Due to weaknesses related to the binding phase, it is possible to extract part of the identifier shared between the receiver and transmitter. A combination of analysis and brute force can be utilised to determine the remaining portion of the identifier. Once the full identifier is discovered, it is then possible to use an attacker’s transmitter to control the craft containing the receiver with no knowledge of the binding phrase. This is possible entirely in software using standard ExpressLRS compatible hardware.” 

ExpressLRS does not encrypt the binding phrase; it hashes it with MD5 to derive the link's unique identifier (UID). MD5 is known to be cryptographically weak, but the attack the researchers describe does not depend on breaking the hash: the "sync packets" exchanged at regular intervals between transmitter and receiver to keep the link synchronised carry a large part of the UID in the clear. The remainder can be recovered by brute force, or by observing packets over the air without brute-forcing the hop sequences at all.

The advisory read, “Three weaknesses were identified, which allow for the discovery of the four bytes of the required UID to take control of the link. Two of these issues relate to the contents of the sync packet.”

“(i) The sync packet contains the final three bytes of the UID. These bytes are used to verify that the transmitter has the same binding phrase as the receiver, to avoid a collision. Observation of a single sync packet, therefore, gives 75% of the bytes required to take over the link. (ii) The CRC initialiser uses the final two bytes of the UID sent with the sync packet, making it extremely easy to create a CRC check.” 

The third weakness lies in the generation of the frequency-hopping (FHSS) sequence.

“Due to weaknesses in the random number generator, the second 128 values of the final byte of the 4-byte seed produce the same FHSS sequence as the first 128,” the advisory concludes. 
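To make the three weaknesses concrete, here is an added model of the link identifier in Python. It is not ExpressLRS code or the advisory's tooling: the hop-table size, the sync packet layout, the CRC-initialiser formula, the byte order of the seed and the LCG constants and modulus are all assumptions, chosen so that the model shows exactly the behaviour the advisory describes (one sync packet reveals three of the four seed bytes, and a generator working modulo 2^31 discards bit 31 of the seed, so two values of the missing byte always map to the same hop sequence). The binding phrase is a constructed example.

```python
# Added example (not ExpressLRS code): a model of the UID leak and the FHSS
# seed weakness described in the NCC Group advisory.  Everything marked
# ASSUMPTION is an illustrative choice, not a claim about the real firmware.
import hashlib

N_FREQS = 40          # ASSUMPTION: size of the hop table in this model
LCG_MOD = 2 ** 31     # ASSUMPTION: LCG modulus; a modulus of 2^31 is exactly
LCG_A = 214013        #   what discards bit 31 of a 4-byte seed
LCG_C = 2531011


def uid_from_binding_phrase(phrase: str) -> bytes:
    """Derive the 6-byte link UID from the binding phrase with MD5.
    ASSUMPTION: the hashed string is the build define
    -DMY_BINDING_PHRASE="<phrase>" and the UID is the first six digest bytes."""
    define = '-DMY_BINDING_PHRASE="%s"' % phrase
    return hashlib.md5(define.encode()).digest()[:6]


def fhss_seed(uid2: int, uid3: int, uid4: int, uid5: int) -> int:
    """4-byte FHSS seed from UID bytes 2..5 (ASSUMPTION: this order).  Byte 2
    is the one a sync packet does not reveal; it lands in the top position."""
    return (uid2 << 24) | (uid3 << 16) | (uid4 << 8) | uid5


def fhss_sequence(seed: int, length: int) -> list:
    """Hop-index sequence from a linear congruential generator (model)."""
    seq = []
    state = seed
    for _ in range(length):
        state = (LCG_A * state + LCG_C) % LCG_MOD   # bit 31 of the seed vanishes here
        seq.append((state >> 16) % N_FREQS)
    return seq


# --- what goes over the air ------------------------------------------------

def build_sync_packet(uid: bytes, nonce: int) -> bytes:
    """ASSUMPTION: simplified sync packet [type, nonce, UID[3], UID[4], UID[5]]."""
    return bytes([0x02, nonce & 0xFF, uid[3], uid[4], uid[5]])


def observe_sync_packet(pkt: bytes) -> dict:
    """Passive observer: three of the four seed bytes come straight out of the
    packet, and the CRC initialiser (ASSUMPTION: UID[4] << 8 | UID[5]) with them."""
    uid3, uid4, uid5 = pkt[2], pkt[3], pkt[4]
    return {"uid3": uid3, "uid4": uid4, "uid5": uid5,
            "crc_init": (uid4 << 8) | uid5}


# --- what the attacker does with it ----------------------------------------

def candidate_seed_groups(leak: dict, length: int = 256) -> dict:
    """Brute-force the one unknown byte and group the 256 candidate seeds by the
    hop sequence they generate.  With a 2^31 modulus, values b and b ^ 0x80
    always produce the same sequence, so only 128 distinct sequences come out."""
    groups = {}
    for b in range(256):
        seed = fhss_seed(b, leak["uid3"], leak["uid4"], leak["uid5"])
        key = tuple(fhss_sequence(seed, length))
        groups.setdefault(key, []).append(b)
    return groups


def match_observed_hops(leak: dict, observed_hops: list) -> list:
    """Alternative to blind brute force: keep only the candidates whose
    sequence starts with the hop indices actually seen on the air."""
    hits = []
    for b in range(256):
        seed = fhss_seed(b, leak["uid3"], leak["uid4"], leak["uid5"])
        if fhss_sequence(seed, len(observed_hops)) == observed_hops:
            hits.append(b)
    return hits


if __name__ == "__main__":
    uid = uid_from_binding_phrase("example-phrase")      # constructed phrase
    leak = observe_sync_packet(build_sync_packet(uid, nonce=7))
    groups = candidate_seed_groups(leak)
    print("distinct hop sequences over 256 candidates:", len(groups))
    true_seq = fhss_sequence(fhss_seed(*uid[2:6]), 16)
    print("candidates matching 16 observed hops:", match_observed_hops(leak, true_seq))
```

Running it shows the arithmetic behind the advisory's numbers: the sync packet hands over 75% of the seed and the CRC initialiser, the remaining byte has 256 possible values, and the generator collapses those to 128 distinguishable hop sequences, so a handful of observed hops (or a 128-way search) is enough to pick the right link.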

The researchers recommend that the UID not be transmitted over the control link at all and, more generally, that nothing used to construct the FHSS sequence be sent over the air. They also recommend strengthening the random number generator, either by switching to a more secure algorithm or by adjusting the current one so that different seeds no longer yield repeated sequences.