NCC Group experts discovered vulnerabilities in the protection of the ExpressLRS protocol, thanks to which hackers could gain full control over the drone. ExpressLRS is a radio control system under development as an open source project.

The vulnerabilities are in the phase of connecting the receiver (or receiver with drone) and transmitter, experts said. The point here is that ExpressLRS uses a binding expression for mapping. It ensures that the right receiver is connected to the right transmitter. The vulnerabilities allow part of the unique identifier of this binding expression to be omitted. The rest are selected by sorting. Once fully identified, the attacker can use its transmitter to control the drone.

Fortunately, experts have suggested ways to fix this problem.