Did I read that correctly, that you can simply telnet to the copter's IP address and get a (root?) shell just like that?

Not awfully surprising. It's a toy, not a Predator. Security likely was not a major design concern, and I don't really blame them. Probably even intentional to a degree, to make (owner-sourced) hacking easier.

You know the Predators were (and possibly still are) transmitting all their video without any encryption?[1] And they've also suffered virus infection on their ground-station computers?[2]

I don't know whats running on the actual drones, but it wouldn't surprise me at all to find there's well known exploits against something like QNX or VxWorks (or, and I shudder at this thought, Windows CE) that the drones are vulnerable to whilst in-flight…

[1]http://arstechnica.com/tech-policy/2009/12/predator-drones-u... [2] http://nakedsecurity.sophos.com/2011/10/10/malware-compromis...

Not complaining, just slightly surprised. I thought you'd have to go to an extra effort to remove the username+password prompt from the standard telnetds :)

Random factoid: the prompt actually comes from getty, not telnetd.

Yeah. You can probably think of it basically like the wireless equivalent of a Roomba's SCI port.

Looks like you read that correctly. Probably shouldn't be too surprising since they are toy helicopters, though you would probably want to close that if you try to run a taco delivery company with them.

I was surprised too. Anyone have a video of a drone infecting another drone?

The symptoms of infection should be obvious:

    var actions = [
      function () { up(Math.random() * 2 - 1) },
      function () { left(Math.random() * 2 - 1) },
      function () { turn(Math.random() * 2 - 1) },
    ];
    actions[Math.floor(Math.random() * actions.length)]();