Autel Security

herein2021 · Feb 13, 2021

Quad808 said:
ok, here is the truth of the matter. DJI drones, since the P4, ALL BROADCAST THEIR ID. PERIOD. Can you turn this off? Yes. Well....YOU can't, but it can be done.
Can this be hacked and "spoofed"? Yes. It has been done and shown that it can be done. Do Autel drones broadcast their ID? Don't think so, but we have just started looking into the firmware and its capabilities. This could easily be turned on, if supported in their firmware, which I have no direct knowledge that it is. (haven't really looked yet to tell the truth)
As to herien2021's incident of his drones forced landing, I bet it was due to a TFR, which DJI's NFZ now picks up. Installing the FLY app, most likely updated the NFZ database on the phone or tablet. (shared database between DJI apps) You can NEVER, EVER update the app, or update firmware, and always firewall the app from internet access. DJI is very tricky when it comes to their apps...forced updates, data theft etc. (All proven) The DJI Apps will even launch, and connect to the internet in the background....yes, this is also proven fact. This is why you firewall their apps. Autel does not, from what we have seen so far.
Autels latest firmware makes you contact them and register the drone so it activates the warranty. You do NOT need to sign into the Explorer app, so they do not get your account info, UNLESS you want them to by signing into the app...unlike DJI which FORCES you to sign into the app, or you basically can't fly your drone. DJI drones MUST be activated with your account, in order to unlock them to fly. Are there ways around all of this "nanny state" stuff coming out of China on their drones? Yes.
Y E S ! You just need to go to the right place.

*Do I firewall the Autel Explorer app, the same as I firewall all DJI flying apps? No, I do not. This should tell you something.

I checked for TFRs before the flight too, I really think the GPS or something glitched and thought I was within one of DJI's red zones. I hadn't updated in years, but when I got the DJI Mini 2, I had to get the new app to fly it; this incident happened on the very next Mavic Pro flight.

MNT DRONE SOLUTIONS · Feb 13, 2021

izometric said:
What about the authorities intercepting the telemetry and pilot location on the ground?

Is there any way they can do that? Something similar to Aeroscope from DJI?

Yep....it's called remote ID and we will all get force fed a piece of that pie in just 24-30 months

PTBperegrine · Feb 16, 2021

herein2021 said:
Funny thing is. even the military drones have been hacked many times: Militants Hack Unencrypted Drone Feeds (eweek.com) so I am sure any consumer grade drone has far less protection than that. The bad news is there's no financial incentive for consumer drone makers to add more security to their drones. The good news is there's also no financial incentive to hacking consumer drones not to mention the whole within range requirement.

Even if somehow a consumer drone maker decided to just spend the millions in R&D to integrate real encryption into their video and control feeds, they would not only never recover the costs, they would lose customers due to the decreased battery life, decreased range, or increased size of the drone; there's simply no free ride.

It's kind of ironic though, DJI did put extensive firmware security into their latest drones to make sure the geofencing could not be removed and the firmware could not be overriden; how's that for focusing on what's important.

Except, of course, for the purveyors of "Anti-Drone Technology, who have a very financial motivation to be able to override control of your drone to stop it, drop it or redirect it...

Madhungarian · Feb 17, 2021

CrashRecon 2 said:
Does anyone know the type of security used between the controller - drone - controller. In regards to mitigating interception and "hijacking" the signals/data from an outside operative.

It says it right on your drone, that is why all of these devices needed to be summitted to the FCC and accepted before being put to sale, must meet certain guidelines, especially the ones that are listed on any drone. Look at 2.

PTBperegrine · Feb 17, 2021

Good spotting!

Rubik3x · Feb 17, 2021

Madhungarian said:
It says it right on your drone, that is why all of these devices needed to be summitted to the FCC and accepted before being put to sale, must meet certain guidelines, especially the ones that are listed on any drone. Look at 2.View attachment 9797

Where on the EVO 2 did you find that label? The only FCC label on mine is inside the battery compartment and it doesn't have any reference to those "conditions".

Madhungarian · Feb 17, 2021

Rubik3x said:
Where on the EVO 2 did you find that label? The only FCC label on mine is inside the battery compartment and it doesn't have any reference to those "conditions".

Mine is original Evo , the Evo 2 has it in their manual. Looks like they did not have enough space to put it on the drone.

Page 65

https://cdn.shopify.com/s/files/1/1538/0803/files/EVO_II_Series_User_Manual_En_Issue_Version.pdf?v=1611663314

kenautelevo2pro · Feb 17, 2021

there is absolutely no way any drone is flying in America without fcc. you don't even need to look for it...ain't going to happen. LOL

herein2021 · Feb 18, 2021

Madhungarian said:
It says it right on your drone, that is why all of these devices needed to be summitted to the FCC and accepted before being put to sale, must meet certain guidelines, especially the ones that are listed on any drone. Look at 2.View attachment 9797

Accepting interference is not the same thing as being wide open to hacking; accepting interference simply means that the transmitter and receiver cannot use active counter measures when radio interference is detected such as increasing the signal gain or attempting to override/jam the source of the interference. Wireless home routers must also accept any radio interference that they encounter yet the data being transmitted and received within the WiFi signal can have as many layers of encryption as the owner cares to add.

Madhungarian · Feb 18, 2021

herein2021 said:
Accepting interference is not the same thing as being wide open to hacking; accepting interference simply means that the transmitter and receiver cannot use active counter measures when radio interference is detected such as increasing the signal gain or attempting to override/jam the source of the interference. Wireless home routers must also accept any radio interference that they encounter yet the data being transmitted and received within the WiFi signal can have as many layers of encryption as the owner cares to add.

No but the FCC limits transmission to 1w of power from transmitter to drone\receiver, meaning anything else that runs on the same frequency and has more power can disrupt communications and disable the drone usually by jamming.

I do not know about active counter measures, my crossfire transmitter automatically is set to increase power when it detects low RSSI and LQ.

kenautelevo2pro · Feb 18, 2021

Madhungarian said:
No but the FCC limits transmission to 1w of power from transmitter to drone\receiver, meaning anything else that runs on the same frequency and has more power can disrupt communications and disable the drone usually by jamming.

I do not know about active counter measures, my crossfire transmitter automatically is set to increase power when it detects low RSSI and LQ.

think about a mobile phone.

herein2021 · Feb 19, 2021

Madhungarian said:
No but the FCC limits transmission to 1w of power from transmitter to drone\receiver, meaning anything else that runs on the same frequency and has more power can disrupt communications and disable the drone usually by jamming.

I do not know about active counter measures, my crossfire transmitter automatically is set to increase power when it detects low RSSI and LQ.

Yes it definitely means that the signal can be jammed but so can any other signal. Apparently the only one who is authorized an outright jamming device is the government so the usual do as I say don't do as I do.

Jamming is still typically considered to be in a different category than hacking; jamming just means that a strong signal that deliberately over powers your transmitter's signal is transmitted; as long as the drone has a good RTH altitude and no obstructions that it cannot overcome it will still return home. Hacking specifically is taking control over your craft, or intercepting the video or control signals.

As per the FCC the drone is not legally allowed to do anything about a jamming signal (and neither is any other consumer grade FCC certified wireless hardware), but if the drone makers were so inclined they could encrypt the video and control signals which would make taking control over the drone much harder.