There's a reason consumer drones have evolved from an expensive toy into a tool of war: They can perform high-altitude surveillance, carry out reconnaissance, or even deploy weapons, with their operator safely hidden as far as miles away. But hackers are revealing that for quadcopters sold by the world's biggest drone manufacturer, operators aren't nearly as hidden as they might think. In fact, these small flying machines are continually broadcasting their pilots' exact locations from the sky, and anyone with some cheap radio hardware and a newly released software tool can eavesdrop on those broadcasts and decode them to extract their coordinates. At the Network and Distributed System Security Symposium (NDSS) in San Diego this week, researchers from Ruhr University Bochum and the CISPA Helmholtz Center for Information Security demonstrated that they were able to reverse engineer the radio signals of drones sold by DJI, the leading manufacturer of consumer quadcopter drones, to decode a radio protocol they use called DroneID. By deconstructing this signal, the researchers could see that every DJI drone's DroneID communications transmit not only its own GPS location and a unique identifier for that drone, but also the GPS coordinates of its operator.