Experts from NCC Group have discovered vulnerabilities in the security of the ExpressLRS protocol, thanks to which hackers can get a full
Experts said that vulnerabilities areat the stage of pairing the receiver (or drone with the receiver) and the transmitter. The fact is that ExpressLRS uses a binding phrase for pairing. It ensures that the correct receiver is connected to the correct transmitter. Vulnerabilities allow extracting part of the unique identifier of this binding phrase. The rest is sorted out. Once the full identifier is set, the attacker will be able to use his transmitter to control the drone.
Fortunately, experts have suggested ways to solve this problem.