The drone, an Adaptive Flight Hornet Mini, was hovering at around 60 feet, locked into a predetermined position guided by GPS. Then, with a device that cost around $1,000 and the help of sophisticated software that took four years to develop, the researchers sent a radio signal from a hilltop one kilometer away. In security lingo, they carried out a spoofing attack.

“We fooled the UAV (Unmanned Aerial Vehicle) into thinking that it was rising straight up,” says Todd Humphreys, assistant professor at the Radionavigation Laboratory at the University of Texas.

Deceiving the drone’s GPS receiver, they changed its perceived coordinates. To compensate, the small copter dove straight down, thinking it was returning to its programmed position. If not for a safety pilot intervening before the drone hit the ground, it would have crashed.

But for Humphreys playing the part of an evil genius in a thriller movie, everything worked exactly to plan. “It was beautiful,” he tells Danger Room.

The rogue takeover exploited a vulnerability in GPS to take control of the drone. It was, by Humphreys’ accounting, the first time somebody proved a civilian drone could be hijacked. Last year, when the CIA lost a drone in Iran, there were reports indicating the Iranians might have launched a spoofing attack and tricked it into landing, but we’ll never know for sure. Also, in September 2011, North Korea reportedly forced a U.S. spy plane to land with a jamming attack.