Drones, like other connected devices, are open to possible hacking. Security researchers have shown that many consumer drones and some commercial drones have serious vulnerabilities that could allow them to be hacked up to a mile away. Vulnerable models include some of the drones from Yuneec, Xiaomi, Parrot, DJI, and 3DR, as well as the Aerialtronics police drone. These vulnerabilities raise serious safety and privacy issues for consumers and enterprises and their clients.
Dangerous When Hacked
So far, most hacking incidents of commercial drones have been tests to identify security issues and rectify them, not exploit them. However, as long as weaknesses exist and their systems are exposed, hackers will find creative ways to compromise or take control of these unmanned aerial vehicles (UAVs). This makes drone flight controls, sensors, imagery, video, data, and base stations vulnerable to attack. Those weaknesses pose a threat to safety, data security, and privacy.
Depending on the level of control achieved, hackers could make a drone unresponsive, crash it into a building, airplane, vehicle, or person, or fly it away and steal it. They may also alter waypoints, change the flight data, set a different home position, capture data and image streams, or do anything that a drone owner can do.
Criminals and criminal organizations may want to take control of a drone to anonymously gather images and intelligence for a robbery. Drones can also be used to invade privacy or breach the secure physical or Wi-Fi perimeters of enterprises. There are also very real risks of terrorists taking control of a drone or multiple drones to carry out an attack.
Drone Security Measures
Most manufacturers have developed basic security measures to minimize the possibility of hacking. To solve hacking and other issues, a new industry has emerged in commercial drone software. Drone flight and data management platforms are being developed that control all functions with an encrypted, unified interface that is more secure. Much has been done in this area to provide more secure UAVs and platforms. However, vulnerabilities still exist, as evidenced by multiple websites in the U.S., the EU, and Russia that list vulnerable drone models and include the tools and scripts to hack them.
How to Hack a Drone
To gain control of a drone, hackers first need to find them. A UAV and the pilot’s base station can be detected using radio frequency (RF) sensors. Other methods include radar, infrared (IR) sensors, and acoustic sensors.
Once a drone has been located, there are several ways to hack it. One way is by spoofing or simulating the GPS signal the drone uses to navigate. A GPS signal simulator concatenated with an RF frontend can generate GPS signals that appear authentic. This could be efficient against commercial GPS receivers – especially if the spoofing signal strength is higher than the authentic GPS satellite signals. By feeding it false GPS coordinates, the drone could be directed to fly to a specific location or to crash into a building, vehicle, or person. Or it could be forced to land near the hacker so they can steal it. Similarly, a GPS jammer can be used to cause vulnerable drones to land, fly off course, return home, or crash by preventing the drone from receiving GPS signals.
Another method is through jamming or hijacking the command and control signal between the operator and their drone. Jamming this signal could have a similar effect to GPS jamming – except for some drones that have a “return to home” failsafe if they lose the control signal. The radio signal is not always encrypted and can be decoded using a packet sniffer. If a hacker hijacks the control signal, they may gain partial or full control of the drone and its systems, camera, and sensors.
A third method that is also vulnerable to spoofing is the Federal Aviation Administration (FAA) ADS-B system used for air traffic control and by drones and other aircraft to communicate with each other and avoid collisions. A hacked drone could also be used to broadcast false ADS-B signals. This could cause confusion for other aircraft or ground control at an airport with potentially fatal consequences.
Downlink threats are another category that includes intercepting video, images, or data broadcast from the drone to the base station. Video footage taken by drones (especially consumer models) is often transmitted via an unencrypted radio format that could theoretically be intercepted, stored, and transferred by anyone within range.
Swarms of Hijacked Drones
While the hijacking of a single drone could cause problems, a swarm of hijacked drones could spell disaster. In 2016, Samy Kankar demonstrated how to hijack a drone from 1 mile away using standard radio frequencies to reprogram the software on the drone. This made the drone think that he was the legitimate pilot, giving him total control. Then he took the concept further by developing a hacking device called Skyjack. If Skyjack was attached to a UAV, then scanned for nearby drones with vulnerable MAC addresses, it could hijack them and gather up a swarm of drones controlled by a single hacker with an inexpensive Raspberry Pi controller.
Protect Your Drone and Yourself
Obviously, much work needs to be done by manufacturers to improve the cybersecurity of drones to protect the drones (and us!) from hackers, criminals, and terrorists. As long as these vulnerabilities remain unresolved, they place a potential limitation on the growth of the drone market as well as the kind of applications for which drones can be used. A high profile disaster as the result of a hacked drone or drones could put a damper on the demand for drones and could delay the release of more favorable regulations – or even cause regulations to become more restrictive.
While we wait for UAV makers and drone platform providers to improve their security, there are a few measures we can take as consumers and enterprise clients to mitigate some of these issues.
First, make sure the firmware in your drone is up to date. Next, make sure to use a strong password for the base station app. Set a limit of one for the number of devices that are allowed to connect to the access point. You can use a secure remote storage provider with two-factor authentication and full encryption.
Then use a VPN to secure and anonymize your digital connection from your laptop or mobile device to your storage server. And make sure your laptop or mobile device has strong anti-virus protection and is free of malware, which is a major vector for stealing drone login credentials as well as data extraction.
Next Blog: Drone Countermeasures
Stay tuned for how to handle rogue drones. I will cover some drone countermeasures in my next blog.