Behind The Wings: The Case of Reverse Engineering and Drone Hijacking in DJI Enhanced Wi-Fi Protocol

TL;DR

This paper analyzes vulnerabilities in DJI's Enhanced Wi-Fi protocol, demonstrating how control command weaknesses can be exploited to hijack drones using affordable Wi-Fi routers, highlighting urgent security concerns.

Contribution

It provides the first reverse-engineering analysis of DJI's Enhanced Wi-Fi protocol and demonstrates a practical hijacking attack using commercial Wi-Fi equipment.

Findings

Vulnerabilities in control commands enable hijacking

Commercial Wi-Fi routers can be used for attacks

Successful remote hijacking of DJI Mini SE drone

Abstract

This research paper entails an examination of the Enhanced Wi-Fi protocol, focusing on its control command reverse-engineering analysis and subsequent demonstration of a hijacking attack. Our investigation discovered vulnerabilities in the Enhanced Wi-Fi control commands, rendering them susceptible to hijacking attacks. Notably, the study established that even readily available and cost-effective commercial off-the-shelf Wi-Fi routers could be leveraged as effective tools for executing such attacks. To illustrate this vulnerability, a proof-of-concept remote hijacking attack was carried out on a DJI Mini SE drone, whereby we intercepted the control commands to manipulate the drone's flight trajectory. The findings of this research emphasize the critical necessity of implementing robust security measures to safeguard unmanned aerial vehicles against potential hijacking threats. Considering that civilian drones are now used as war weapons, the study underscores the urgent need for further exploration and advancement in the domain of civilian drone security.