Drones can bring huge benefits - for instance, your realtor can take aerial shots of your property. Or emergency medical supplies can be delivered by drone. But drones also raise privacy concerns.
Though a drone flying over your house and taking photos might be annoying, the privacy of your back yard is not always the biggest concern: drone security issues go much further than that. Drones can be hacked or used to hack other electronic devices. A hacker doesn't even need their own drone - they could hack yours in several ways to make it serve their own purposes. The cyber-security issues will only get more pressing as the population of drones in our skies increases and hackers get smarter at spotting any weaknesses in drone security.
There are several different ways a drone can be hacked. Once the drone has been located, a hacker can potentially take control of the drone, or downlink video or other images which the drone is broadcasting to its base station. Hacking a drone isn't technically very difficult, and many drone operators leave their drones wide open to attack.
GPS spoofing for example, feeds the drone false GPS coordinates. The drone thinks it is following its original flight pattern but in fact is being led to a different location. A hacker out for fun might simply want to crash a drone deliberately, but a drone could also be used to crash into a car, a person, or even another drone. It could also be instructed to land near the hacker so that it can be stolen, together with its payload - which might, for instance, include a drone-mounted camera and the images stored on its memory card.
Drones can be hacked from as much as a mile away. Hijacking the command and control signal between the operator and the drone can deliver full control of the drone and its systems to the hacker. The radio signal is often unencrypted, making it easy to decode with a packet analyzer (or 'sniffer'), so hacking a drone signal isn't technically demanding. The signal might also simply be jammed, leaving the drone with no way to navigate itself.
Security researcher Samy Kamkar's Skyjack experiment in drone hacking went further, using a hijacked drone with a Raspberry Pi payload to hijack multiple other drones, creating a swarm under the hacker's control. Hacking a drone with another drone vastly expands the potential of the threat - it could be compared to the way botnets operate to perform DDOS attacks — taking over vast numbers of individual computers and devices.
Downlink threats allow a hacker to intercept data being transmitted from the drone to a base station. If video, for instance, is being broadcast from the drone to the controller, as is the case with First Person View (FPV) systems, it's vulnerable. That's particularly the case if the data is unencrypted (which is often the case with consumer systems).
If you're worried about your own drone's security, you are not alone. Fortunately, there are many ways to make any drone more secure against the threat of drone hacking. These drone security tips should help secure your drone:
Traditionally, computer systems have been protected around the perimeter, both in terms of the computer network and physically. However, data has become more mobile as Wi-Fi and the Cloud make it possible to access data from anywhere. Plus, the Internet of Things, together with RFID, enable data flows between smaller devices, such as security cameras, pallet labels, and goods tags in retail stores.
Technologies such as Wi-Fi, Bluetooth and RFID generally work only within a limited area, so physical access restrictions can often prevent hacking. But drones give hackers more mobility.
For instance, a small computer, such as a Raspberry Pi or ASUS Tinker Board, could be loaded onto a drone and dropped on the roof of an office building. It could then be used to carry out cyberattacks exploiting Wi-Fi, RFID or Bluetooth vulnerabilities. It could mimic a Wi-Fi network in order to steal data from tablets and smartphones, or hijack Bluetooth peripherals, such as mice and keyboards. Keylogging would enable a drone-mounted computer to steal passwords from users.
Drones come under the remit of the Federal Aviation Administration (FAA) as Unmanned Aircraft (UAs) or Unmanned Aerial Vehicles (UAVs). That protects them in two important ways:
So, any defense measures you take must focus on protecting your space and your data.
Geofencing is one way of dealing with the drone menace. Using GPS or RFID based software, geofencing creates a virtual border around a specified location. It will generate a response whenever an unauthorized drone enters the area, and controls wired into commercially available drones prevent them flying into (or taking off in) geofenced areas. Big drone makers like DJI and Parrot have installed geofencing for vulnerable sites, such as airports, prisons, and power stations in their drones.
However, some hackers have found ways to remove the geofencing software that prevents regular drones flying into restricted areas. Hacks for drones are easy to find on the internet; meanwhile, the simplest way to block geofencing is simply to fold tinfoil around the drone, blocking the GPS signal.
Geofencing is also not available to most consumers, despite an attempt in 2015 to start a No-Fly Zone registry.
If you can't block drones, can you detect them? There are a few ways to find out if a drone is coming your way, but all of them have flaws. So far, there's no 100% reliable way to catch a drone.
Radar is one method of drone detection, but it's not particularly reliable; for instance, it can mistake birds for drones. Acoustic sensors may be a better way to detect unwanted drones, since they can be programmed to recognize the sound signatures of particular drone types.
RF scanners can catch drones by checking the electromagnetic spectrum; they recognize drone transmissions. But drones that rely on GPS and don't use radio signals to navigate will not be caught this way.
Finally, thermal imaging detects the heat emitted by objects. This enables drones to be traced by their thermal footprint. However, there's a high rate of false positives.
Detecting and stopping drones is difficult. So rather than trying to spot malicious drones, most users are better served by stepping up their basic home and wireless security.
If you’re worried about drones invading your airspace, then a solution like Kaspersky Antidrone will help you regain that peace of mind. But if you're worried about drones stealing your data, the best way to protect your data is by ensuring you've locked down your data security.
The FAA believes that the big opportunity for drones isn't the hobby market, but the market for commercial drones. Drones could make deliveries, support surveying and mapping services, monitor crops, and be used for building safety inspections where it's dangerous for an inspector to go.
Given the possibilities, there will certainly be more drones around and that will create a bigger drone security threat.
It may not yet be clear how drones can improve their security, but businesses will have to do so before commercial drone use becomes widespread. So, it's important that drone security issues are properly addressed by drone manufacturers, as well as commercial users, and that you lock down your internet and home network to be safe from the menace of drone hacking.