
Hacking the Skies: How a $20 Device Can Spoof Drone IDs and Create Ghost Swarms :: Null Byte


As drone technology continues to evolve, so do the systems designed to track and regulate them. One such system is Open Drone ID, an FAA-recognized remote identification protocol that allows drones to broadcast telemetry and identification data, similar to ADS-B for airplanes. While this was implemented for safety and accountability, serious security flaws leave it wide open to spoofing attacks that can flood drone tracking systems with fake UAVs.

Because Open Drone ID transmits unencrypted data over Bluetooth and, in some cases, Wi-Fi beacon frames, anyone with a basic ESP8266 microcontroller can intercept and spoof drone signals, generating phantom drone swarms that appear in real-time on tracking apps, law enforcement tools, and airspace monitoring systems. In tests, we were able to spawn up to 16 fake drones per module, each with its own GPS coordinates, altitude, speed, and operational status — all indistinguishable from legitimate UAVs.

This vulnerability presents serious risks to aviation safety, particularly in environments where manned and unmanned aircraft share airspace. Emergency responders, commercial drone operators, and even airports could face overloaded tracking systems, where separating real threats from spoofed drones becomes a logistical nightmare.

In our controlled tests, where we monitored packets using Wireshark and analyzed them with opendroneid-wireshark-dissector, fake drones displayed impossible telemetry — appearing at unrealistic altitudes, moving at excessive speeds, or showing up in physically impossible locations — offering one of the few clues to their fraudulent nature.
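The impossible-telemetry clue described above can be turned into a receiver-side sanity filter. The sketch below is an added example, not code from Null Byte or the Open Drone ID project; the record field names, thresholds, and sample values are assumptions constructed for illustration, and the input is assumed to be location reports already decoded from captured frames.

```python
import math

# Assumed plausibility limits for small UAVs and short-range broadcast (tune per site).
MAX_ALT_M = 5000.0        # claimed altitude above this is flagged
MIN_ALT_M = -500.0        # claimed altitude below this is flagged
MAX_SPEED_MPS = 100.0     # claimed or implied ground speed above this is flagged
MAX_RANGE_KM = 10.0       # a beacon heard locally cannot claim to be farther than this

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two WGS84 points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def flag_implausible(records, rx_lat, rx_lon):
    """Return {drone_id: sorted list of reasons} for IDs that fail a sanity check."""
    flags, last = {}, {}
    for r in sorted(records, key=lambda r: r["t"]):
        reasons = flags.setdefault(r["id"], set())
        if not MIN_ALT_M <= r["alt_m"] <= MAX_ALT_M:
            reasons.add("altitude")
        if r["speed_mps"] > MAX_SPEED_MPS:
            reasons.add("speed")
        if haversine_km(rx_lat, rx_lon, r["lat"], r["lon"]) > MAX_RANGE_KM:
            reasons.add("out_of_radio_range")
        prev = last.get(r["id"])
        if prev and r["t"] > prev["t"]:
            km = haversine_km(prev["lat"], prev["lon"], r["lat"], r["lon"])
            if km * 1000 / (r["t"] - prev["t"]) > MAX_SPEED_MPS:
                reasons.add("position_jump")  # implied speed between reports is impossible
        last[r["id"]] = r
    return {k: sorted(v) for k, v in flags.items() if v}

# Constructed sample: decoded location reports (t in seconds), receiver at 34.05, -118.25.
SAMPLE = [
    {"id": "REAL-0001", "t": 0, "lat": 34.0500, "lon": -118.2500, "alt_m": 80, "speed_mps": 9},
    {"id": "REAL-0001", "t": 5, "lat": 34.0504, "lon": -118.2500, "alt_m": 82, "speed_mps": 9},
    {"id": "FAKE-0001", "t": 1, "lat": 22.5431, "lon": 114.0579, "alt_m": 60, "speed_mps": 5},
    {"id": "FAKE-0002", "t": 2, "lat": 34.0510, "lon": -118.2490, "alt_m": 12000, "speed_mps": 250},
    {"id": "FAKE-0003", "t": 3, "lat": 34.0500, "lon": -118.2500, "alt_m": 50, "speed_mps": 4},
    {"id": "FAKE-0003", "t": 4, "lat": 34.0800, "lon": -118.2500, "alt_m": 50, "speed_mps": 4},
]

if __name__ == "__main__":
    for drone, why in flag_implausible(SAMPLE, 34.05, -118.25).items():
        print(drone, why)
```

Broadcasts whose claimed telemetry is plausible pass every one of these checks, so a clean result is not evidence that a drone is real.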

By adding a GPS module flashed with our Drone Swarmer code based on the Remote ID Spoofer repo on GitHub, attackers can ensure spoofed drone locations match real-world coordinates, making the swarm appear right where they want it. Without this modification, most spoofed drones default to locations in China, requiring manual GPS adjustments in the firmware. Once synchronized, these fake UAVs can appear to move alongside real drones, potentially masking unauthorized drone activity in sensitive areas.

Open Drone ID was developed with good intentions, but its reliance on unsecured broadcast signals makes it unreliable for security applications. Network-based Remote ID solutions may include authentication, but the broadcast-based Open Drone ID protocol lacks encryption and verification mechanisms, making it vulnerable to spoofing. Without these protections, there’s no built-in way to differentiate real drones from spoofed ones, leaving airspace monitoring systems susceptible to deception and overload attacks.

This flaw raises major concerns for aviation safety. Manned aircraft rely on ADS-B transponders, which broadcast telemetry data for tracking and deconfliction. Civil ADS-B is unencrypted, and so is Open Drone ID, which leaves both open to similar spoofing concerns. Until stronger cryptographic security is implemented, drone detection tools and airspace monitoring systems will remain vulnerable to interference from low-cost spoofing devices.

Products used in the Drone Swarmer

If you’re interested in studying Open Drone ID vulnerabilities, here are the components used to create the spoofed drone swarm:

When you calculate the price to build one drone swarmer spoofing device, it’s close to $20 on average. This assumes you already have a drone to attach it to. We used a DJI Mini 2, which costs hundreds of dollars, but cheaper drones can also work.

How to stay within legal limits

Before experimenting with Open Drone ID security, always check Airspace Link or similar services to ensure your testing area is legal for drone flights. Never deploy drone spoofing in restricted airspace, airports, or populated areas. The purpose of this research is to highlight vulnerabilities — not to interfere with real drone and aircraft operations.


Cover photo by Null Byte.


