Right now most civilian drones are owned by hobbyists for recreational use, but many companies are exploring commercial uses. Drones have already been used for shooting nature documentaries and commercials, aerial surveys on remote properties, checking on crops for farmers and even delivering pizza. They have the potential to revolutionize many aspects of our daily lives. But drones haven’t escaped the notice of cyber criminals.
Why Are Hackers Targeting Drones?
Drones can carry small payloads, which often includes a camera for transmitting wireless video back to the operator. Cyber criminals might tap into the video signal and gain access to valuable surveillance information, or simply hijack the drone to steal it and its cargo or perform other illegal activities.
It seems certain that at some point drones will be required to carry identification information. When that happens, a cyber criminal might hijack a drone to avoid identification much like a street criminal would steal a car to perform a robbery.
Even with legal drones one of the biggest security concerns is their current lack of traceability. Here in the United States, a civilian drone entered the restricted area around the White House during the early morning hours of January 27th and crashed on the lawn. Officials had no way of identifying who it belonged to or what their intentions were. The crash turned out to be an accident and the operator turned himself in the next morning, but it was a wake-up call for security experts. Other operators aren’t so benign. In the United Kingdom police have already confirmed high-tech burglars are using drones to identify houses vulnerable to break-ins.
Why Are Drones Vulnerable to Hacking Attempts?
Unlike simple remote-controlled helicopters, drones have their own computing power. Think of them as flying smartphones without the screen. They have GPS capabilities and can fly along pre-programmed paths, or the operator can manually control them from afar using WiFi signals. If a drone loses control signals from the operator it can return to a designated location on its own.
On the same day the drone crashed on the White House lawn, a cyber security expert uncovered a flaw in Parrot® drones that allowed malware to kill their engines and make them fall from the sky. If the drone is high enough, the malware can restart the engines and take control of the drone.
This isn’t the first time Parrot drones have been used in a drone hack. Two years ago, a legal hacker released instructions on how to build a Parrot drone capable of tracking down other drones and hijacking them using wireless signals. Dubbed SkyJack, the hijacker drone monitors wireless signals and targets MAC addresses registered to Parrot drones. It can force the targeted drone to disconnect from the device controlling it and connect to the hijacker’s signal.
The problem is lack of stringent security measures built into drone operating systems. Many drone models have no security or rely entirely on weak WiFi security measures. As drones become more popular and widely used, drone manufacturers must take the threat of potential drone skyjackers more seriously.