Deadly 'drone modding' site sells hacked apps that let owners fly over ANY airport
Just before Christmas 2018, reports of drone sightings at Gatwick Airport caused the entire runway to be shut down for days – with hundreds of flights cancelled.
Drone makers – including top firm DJI – build "No Fly Zones" (NFZs) into the app, so you can't fly into important places like airports or military bases.
But absolutely anyone can download software from the internet that overrides these features.
We spoke to the engineers (who describe themselves as "original gangsters") behind one of the biggest drone-hacking websites, which helps users break DJI drone restrictions with a small computer file.
According to one anonymous engineer based in the UK, having No Fly Zones built into drones to keep the public safe isn't fair for customers.
"Look out of your window to your driveway, you have a vehicle of sorts there," a NoLimitDronez admin told The Sun.
"Lets say that at the very least, the vehicle can do 100mph. Almost nowhere in the world is this legal to perform these speeds.
"Now tell me how you'd feel if your car maker decided totally arbitrarily that the speed will be limited to a max of 55mph, no matter who you were or where you were driving. That would be annoying and you'd want the extra power and speed you paid for."
UK law prohibits drone owners from flying into the airspace of an airport.
If you endanger the safety of an aircraft with your drone, you can be charged with a criminal offence.
And there's even a maximum jail sentence of five years for the crime, which is intended to deter rogue drone owners from accessing airports.
DJI and other drone makers design their products so that this isn't possible.
"Alongside making market leading, reliable and easy to use drones, safety is at the heart of DJI," Christian Struwe, Head of Public Policy Europe at DJI, told The Sun.
"We have led the industry in developing technology to help ensure drones operate safely and we acknowledge that the vast majority of drone pilots fly responsibly.
"In 2014, we pioneered geofencing systems for our drones, using GPS position to warn or restrict drone pilots from entering locations which pose national security or aviation safety concerns and we have recently introduced our new GEO 2.0 which now covers 32 European countries.
Struwe warned that some drone owners have "a complete disregard for safety and local rules and regulations".
"It is these people who use software to maliciously hack our drones to remove safety features that are designed to provide users with information that will help them make smart decisions about where and when to fly," Struwe told us.
"By tampering with the drone’s software users are breaking the terms and conditions of the after-sales service policy.
"DJI does not condone any software alterations of its drones and would advise users to strongly consider the potential consequences of their actions."
But drone hackers are fighting back against the Chinese tech giant.
NoLimitDronez is currently collecting donations from users, which will be used to fund new hacks into DJI drone systems.
One proposed hack will let the DJI Mavic 2 drone be cracked so deeply that DJI itself can't fix the change remotely.
Fans of the site have already paid nearly $5,000 (£3,800) of the total $10,000 (£7,600) goal for this hack.
"DJI aircraft cost hundreds – or in some cases thousands of thousands of pounds – and there's no legitimate reason why a random Chinese company has any legal or moral obligation or right to tell us what we can, and cannot do with our drones," a NoLimitDronez rep told The Sun.
"We offer our users freedom to do what they want because we believe that choice should be just that, a choice."
According to a NoLimitDronez rep, the site is completely against "flying dangerously", and says "the world always makes idiots".
They added: "Essentially, if you genuinely are up to no good, looking to disrupt flights, dropping drugs or weapons into prisons or cause harm to others in war zones, there's absolutely nothing stopping you from buying any other aerial platform (usually for significantly less cash than DJI charge) for any other maker who isn't DJI.
"Or do what hobbyists did for years and build your own, and end up with a drone with truly no restrictions."
We spoke to a cybersecurity expert who said that drone makers need to do more to shut these hackers out.
Dean Ferrando, Systems Engineer Manager for EMEA at Tripwire, told The Sun: "Discoveries like this are the reason why there should be much more stringent cybersecurity regulations on internet-connected devices and gadgets in general, not only drones.
"With time-to-market being a great impediment to thorough security checks, manufacturers often bolt in security systems after the product has already been designed, rather than designing security into the software during development, opening up a larger and larger unsecured attack surface for cybercriminals to target/exploit.
"With IoT entering our houses and travelling with us on our wrists, it is paramount that vendors realise the responsibility they have towards the public, which is no longer to just keep their data secure, but to keep them safe."
Last edited: