Drone security

Samy Kamkar, 26 Oct 2016

The drones are upon us. The unmanned aerial vehicles are incredible tools for everyday use in a multitude of industries. With the massive production of sensors and technology required to produce drones, we are seeing constant reductions in price, improved features, and advancements of software almost daily. These machines are typically controlled with a remote controller or autonomously via GPS. There are thousands of potential uses for drones. However, the technology may also be a threat, both in being used premeditatedly to do harm to people or property; or being hijacked by for the purpose of theft or causing damage.

Probably the most common area of drone use is videography, from amateur cinematographers to high budget movies. Drones are further active in agriculture, especially with infrared cameras that can help investigate crop health. Infrastructure, such as electric and water, are now using drones with HD cameras as a safer and faster method of performing inspection. Mining and other industries are using drones to perform surveying quickly and accurately, and additional technologies such as Real Time Kinematic (RTK) GPS are aiding in super-accurate, down to the centimeter, accuracy. Other drone uses include search and rescue, mapping, emergency response, and environmental monitoring.

Physical threats and prevention

There is already evidence of drones interfering with aircraft airspace, resulting in changing course or near collision. Firefighters have found their aircrews compromised by drone activity. Drones may be used to carry dangerous or hazardous payloads, which can be a threat to other aircraft, building or object on the ground. What makes this worse is the fact that depending on the drone, it may be impossible to track down the original owner, especially if it is custom built and not registered. The technology to build drones from scratch are readily available and trivial with the amount of freely available resources available online. There are videos on YouTube of drones loaded with weapons, some even designed by children.

Such threats are resulting in prevention technologies. An anti-drone bazooka has been developed. An operator holds a pneumatic gun pointed towards a drone, firing when ready while a large net flies out up to 330 feet to take out the drone, containing tracking software to ensure the drone is captured. A similar concept air- rather than ground-based solution has been developed using a defensive drone. This drone flies around with a net cannon and when ready, shoots the net out at the other drone. While the distance of the projectile is shorter – drones struggle to carry a heavy gun -, the drone is maneuverable and can pursue the rogue drone to much greater distances. Police forces in the Netherlands are currently training hawks and eagles to take-out rogue drones while airborne.

Remote control

A further means of combatting a rogue drone comes from the jamming or interception of radio frequency (RF) signals. Drones have a number of navigation sensors, including a gyroscope, accelerometer, magnetometer or digital compass, and barometer or air pressure sensor. Additional location sensors include GPS, which uses RF for geolocation. Wi-fi can provide location information, infrared (thermal) light detects objects, and optical cameras help avoid obstacles. LIDAR uses laser light for detecting distance from an object, and ultrasound uses sound outside of the range of human hearing to detect distance from an object.

While these sensors are used, drones themselves can typically be programmed to either fly an autonomous path via GPS signals, to fly an autonomous path by sensors, such as to follow an object based off of its color or shape, and to be manually controlled over radio frequency from a transmitter (controller) or telemetry from a controller or computer.

One of the most direct methods of control is to use a transmitter. Jamming RF will cause the drone's transmitter, telemetry and GPS to fail, though this is illegal in most jurisdictions, and will cause issue with other RF equipment on the same frequencies in the area. A more interesting technique would be to spoof or take over some of the RF communication.

Skyjacking

Drones can be skyjacked by use of a Raspberry Pi single board computer attached to a drone that can detect and intercept the radio communication of the targeted drone. This technology disconnects the true owner, preventing them from reconnecting or regaining control, and provides the attacker with a live video stream of the drone. Even more, it skyjacks any other drones in the area..

Another technique is to attack target drones across different protocols, including both proprietary RF communication of drones and even GPS. With GPS spoofing, an attacker is able to make the drone believe it is in an entirely different location. This is useful if drone is on an autonomous path using GPS to detect its location. This is typically the only way a drone truly knows its location and is often the only method of autonomous flight on most drones. The fact that GPS has no authentication or encryption allows inexpensive equipment to be used to spoof the signal, allowing an attacker to redirect the drone.

If RF communication, such as a transmitter or telemetry, is being used to control the drone, intercepting the RF communication and sending other commands is entirely possible. By scanning the electromagnetic spectrum for signatures of known drone RF communication, drones can be detected when airborne and nearby, and the protocols can be reengineered, allowing new commands to be transmitted to the drone, even to receive live feeds from the drone if it is transmitting.

Some drones employ techniques to make it difficult to jam the communication of the drone or to discover its communication channel. Once such technique is called FHSS, or Frequency Hopping Spread Spectrum. It is used to prevent intentional jamming, frequency discovery, and interception. However, after inspecting the FHSS  mechanisms of several consumer and industrial drones, several security flaws have been discovered. Often these drones will “hop” frequencies, using several to dozens of frequencies per second, in what seems like a random pattern. The issue becomes that a pattern actually can become apparent in some cases, or reverse engineered out of their software or hardware in other cases. Once the pattern has been discovered, and without any additional security on the communication, an attacker can build their own transmitter to discover the hopping pattern and automatically connect the drone, sending its own commands. This can be done with inexpensive, off the shelf equipment, even for proprietary sub-GHz and 2.4GHz proprietary RF protocols used on some common drones and aerial transceivers.

Other attacks

Drone sensors themselves can be attacked, although less research has been done in this area.. One interesting example is where researchers used ultrasound to affect the IMU (Inertial Measurement Unit, which contains the gyroscope and accelerometer). The ultrasound pressure actually causes some of the sensors to believe they are in a different position than they actually are. Additionally, certain frequencies of light directed at the optical sensors can fool the sensors or prevent them from detecting objects. , Specialized microphones and speakers can be used to spoof ultrasound communication to also fool the drone into believing an object is in its way or not in it way.

Conclusion

Drones are a technology of significant potential, and their usefulness is only growing. The attack surface of drones today is quite wide, and with new technology, additional protocols and sensors, and new methods of communication and control, drones only pose more of an issue as little has been addressed regarding their security. While we see threats across tdrones and their uses, fortunately commercial defences are being developed, with the hope that they minimize potential threats and the abuse of drones. This will help make conditions more favourable in using drones to help improve our daily lives.

Author

Samy Kamkar

Privacy and security researcher, computer hacker, whistleblower and entrepreneur

Samy Kamkar is an independent security researcher, best known for creating the MySpace worm, one of the fastest spreading viruses of all time. His open source software and research highlights the insecurities and privacy implications in every day technologies, from the Evercookie which produces virtually immutable respawning cookies, SkyJack, the drone that wirelessly hijacks other drones, to RollJam, a device that can unlock virtually any car wirelessly.

Related articles

Increasing job efficiency through drone geospatial data

Jean-Christophe Zufferey, 26 Oct 2016

Aerial imaging used to involve either the commissioning of expensive manned planes or relatively low-resolution and sometimes out-of-date satellite imagery. However, with the arrival of drones or unmanned aircraft systems (UAS), professionals in need of accurate geospatial data can achieve the bird’s eye view they require to assess the situation on the ground cost-effectively, at a higher resolution than satellites can provide, and–critically–at a time that suits their exact schedule and data needs.

Underwriting drones

Kate Browne, 26 Oct 2016

For many industries drones have a significant advantage in terms of precision, convenience, and cost over more traditional solutions such as people, planes or helicopters. The insurance industry will likely play a critical role in the growth of this exciting new industry.

Drone fever and privacy policy: A US perspective

Lisa Ellman, 26 Oct 2016

We find ourselves at a historic time for Unmanned Aircraft Systems (UAS or drone) policymaking in the United States. Technology has moved forward quickly, and what used be considered toys are now must-have tools for industry. Drones have substantial safety and efficiency benefits for tasks ranging from insurance applications, to precision agriculture, to infrastructure inspection, to newsgathering, to package delivery – and everything in between.

Regulating the eye in the sky - Drones, privacy and data protection

Sally Annereau, 26 Oct 2016

All children of the 1970s understood that if an object in the sky was not identifiable as a bird or a plane, then it had to be Superman. Today however it is more likely to be an unmanned aerial vehicle or a 'drone' as they are more commonly known.