Hacker Rahul Sasi has found and exploited a backdoor in Parrot AR Drones that allows the flying machines to be remotely hijacked.
The Citrix engineer developed what he said was the first malware dubbed Maldrone which exploited a new backdoor in the drones.
Sasi (@fb1h2s) said the backdoor could be exploited for Parrot drones within wireless range.
"Once my program kills the actual drone controllers, it causes the motors to stop and the drone falls off like a brick," Sasi said.
"But my backdoor instantly takes control so if the drone is really high in the air the motors can start again and Maldrone can prevent it from crashing."
The research, to be presented at Nullcon next month, could give attackers control of drones or access to on board video feeds to spy on subjects.
The code is different to previously-disclosed attacks in that it bypasses authentication and does not simply rely on cutting and then commandeering wireless connections.
Sasi said it could be combined with the Skyjack attack to make the backdoor wormable.
And it begins, Is nothing safe anymore?