Since their inception, drones are becoming a huge concern. Commercial airlines are afraid of the possibility of collision, while property owners worry about their privacy being invaded. Apparently, there is another risk – and it is the narrative involving the jamming or hijacking of a drone in flight.
In recent years, several studies about public vulnerabilities for these flying devices have been raised. In fact, there are countless hacking attacks read about in everyday newspapers. There are many ways to hack a drain and even gain control of it. Plugging in between the remote controller and drone and simulating the flight planning software are just two of the many ways this unmanned aircraft vehicle can be hacked. But perhaps the most interesting part is what exactly the hack wants to achieve.
Unfortunately, a lot of people across the world – especially those who won a drone – underestimate how easy it is for hackers to hijack a drone. So, how exactly are drones hacked? Let’s take a look at it.
How Drones Are Being Hacked
Drones are pretty similar to other electronic devices and, thus, are not immune to hacking attacks. And with the existence of GPS, video data and control data, and telemetry transmissions, among others, a deluge of attack options are made. Even drones with wireless data transmission cannot escape a hacker’s ensnare, especially since it can be tapped within seconds, not to mention the possibility of changing control signals to obtain full control.
Interestingly, though, some of the consumer drones out there are under the jurisdiction of laws; hence, hacking them can be easily prevented. Take for example Sweden, a country with strict laws concerning drones. Basically, the country prohibits the idea of using camera drones unless the owner is able to prove the necessity of using one. And until he can do so, he will not be given the power to use his UAV.
Add to this the fact that drone manufacturers are continuously improving their ways of making drones. Each day, newer technology is also developed and applied in order to reduce the possibility of hacking attacks. The only catch, though, is that the topic of drone hacking tends to change on a daily basis. What is more, hackers are so clever they can easily find new ways to pursue their goals.
In general, there are four different types of attacks a hacker use when attacking a drone. They are the following:
- Data Thefts
- Fly-Away Attacks
- Lock-Out Attacks
- Take-Down Attacks
The problem with most Internet of Things (IoT) devices like drones is that they usually have issues when it comes to authenticating the rightful owner or user. If you are within the acceptable Wi-Fi range, you can hack a Wi-Fi-controlled UAV with ease. And although the method of accessing the machine can be different in terms of being on the ground or air, there will always be a loophole.
For instance, the drone is activated while on the ground (i.e. not flying). Anyone can just hijack the device and even fly it away using an app built for hacking drones. And as soon as it is in the air, the legitimate user can be kicked by the owner, especially when the flying is already off the access point of the user. For the drone to continue with its navigation, it is expected to search for a controller. As a result, the hacker – even with an unauthenticated
The idea is even simpler contrary to popular belief. Basically, for a hacker to gain control, he needs to connect to the machine’s access point. That way, he can just access the open telnet even remotely. From there, he will send a command to fly off the UAV and, at this point, the original owner’s connection is lost and, thus, unable to gain control.
But hey, taking control of the drone is not the only issue here. The hacker can also steal the data of the owner and use it for whatever purpose he intends to make. And to do this, all he has to do is be within the range of the drone’s Wi-Fi access. Sure, you can expect the FTP server to never provide the login details as it is specifically designed that way. However, it is not able to prevent the hacker from gaining full access to the system files. This is where the intruder can obtain images and/or videos, a process he can achieve by connecting to a computer all the way the access point of the drone. Viola, the only thing left to do is to download the files. You will even be surprised by the fact that this process is unknown to the owner of the drone. Yes, that is right – the owner has zero knowledge about what is happening behind the scenes.
The Implications of Drone Hacking
It holds true that drones are starting to breach both physical and cyber defenses, causing chaos and massive data losses. Not only is hacking a growing threat for civilians, but it is also a problem branching out to military or government entities.
Spying – For starters, using a drone is the simplest and most cost-effective way of spying someone. A person can use a UAV to spy another individual with the purpose of gathering information, among many things. A hacker no longer has to rely on other high-end tools, which could only be costly, since an off-the-shell UAV is more than enough to capture photos, videos, and other important information. Keep in mind that a simple modification is needed for a drone to become an electronic surveillance device.
Collisions – This is definitely the most infamous implication a drone has to the public. As a matter of fact, since drones have soared high in popularity, countless serious injury reports have been detailed. They all involve an individual or a group of people getting injured after a drone landed straight to them. Drones collisions are almost a daily scene. And mind you, this narrative can prove fatal, especially if a 50-pound commercial drone collides into people. According to researchers, many people think of drones as a toy. As such, they do not mind flying their device in close proximity to people – not realizing the dangers they pose.
High-Tech Corporate Espionage – Hackers can just fly a drone outside of a board room and take pictures, although this is not necessarily a sophisticated process. But when it comes to the most damaging hijacks a drone has ever done, it definitely has to involve the use of computer hacking. Even before, drones were already used to land atop a data center in order to steal sensitive personal information. And for the authorities to be unable to trace the original controller, these drones were equipped with a separate power source. Meaning, if the initial power fails or simply runs out, the device could still sniff around. Even more so, it will have enough time to transmit data without getting caught.
A Cause of War – Yes, that is right –drones can be used to cause a war. Remember that U.S. Navy drone called BAMS-D or RQ-4N Broad Area Maritime Surveillance Drone or BAMS-D? According to reports, the drone was said to have flown from Al Dhafra Airbase in the United Arab Emirates. Unfortunately, it did not escape the transporter erector launcher truck stationed near Georuk, Iran and blew the drone into pieces. According to Iran, the UAV was flying and violating the Iranian airspace. The drone shut down could have easily caused a war, although the events are still starting to unwrap. In reality, drones – even if they are hacked – pose a serious nationwide threat, and causing wars is just one of them.
What You Can Do To Prevent Drone Hacking
Fortunately, there are ways to prevent someone from hacking your drone. The first and easiest way – and is actually something you need to do every now and then – is to update its software. It holds true that manufacturers have designed their drones to be updated annually. However, as far as updating the firmware automatically, this is definitely not true. That is why you need to read the update instructions and check whether updates are available. Once updates are known, make sure to apply them to your drone.
Another way to secure your drone from hackers is to use a strong password for the device’s access point with WPA2. Strong passwords are usually those with a combination of numbers, capital letters, symbols, and what have you. A general rule of thumb is to use a password with at least eight characters long. Also, make sure that the password you use is not a recurring one. Meaning to say, do not use a password you already used with your other accounts, such as banks, social media, email, and a whole lot more.
It is also important that you limit the number of devices allowed to connect to your drone’s access point. By doing so, you are reducing the possibility of someone connecting to the device’s access point and gaining full control. In addition, always disable FTP and telnet. Why? That is because both of them are not necessary if you are only using your drone for recreational purpose. If you are really going to activate the FTP, always make sure that it is able to block any synonymous access to the machine.
Also, keep in mind that you can always use anti-virus to help with the overall protection of your drone. The idea is to use this software for ground station protection. This is most especially the case if you are fond of using your phone or tablet to control your drone. There are free anti-virus programs out there, with Avast and AVG being the most popular ones. You can use them to keep infections at bay; otherwise, you will have a hard time piloting your drone. And the next thing you know, someone is already controlling it.
Lastly, remember to only buy drones from trusted manufacturers. Take for example DJI, which is the industry leader in drone manufacturing. The company has made a technology called geofencing, which helps in preventing drones from flying over restricted zones, such as nuclear plants, airports, and prisons. The second market leader called Parrot, on the other hand, has also integrated geofencing and hacking-prevention system on its drones (although the company has given owners the ability to turn these features off).
The Bottom Line
The global danger of hacking a consumer unmanned aircraft vehicle is, in one or another, low. And while things like collisions can be fatal, it really boils down the owner’s ability to discipline himself in flying his machine. But as far as most military drones are concerned, they are on a whole new level. Keep in mind that these drones are equipped with weapons and technology to infiltrate, just to name a few. And considering how valuable military drones are, hackers have also turned their eyes towards them. They have come up with their own ways of bringing down high-tech UAVs deployed by the military. What is more, the government or the military usually have no idea about these methods, albeit continued research being performed.
In most cases, it is all about manipulating the global positioning system of a drone or GPS. Once the latter is invaded, one could easily take full control. Sure, this is given and government agencies are aware of it. Unfortunately, as to how this manipulation is done, it is still under wraps. According to researchers, one of the ways of manipulating the drone’s GPS is to perform a spoof attack. This is where the communication link is blocked, disabling the drone’s ability to send and/or receive a command. As a result, the drone automatically switches to autopilot in an attempt to fly back to its “home position.”
By manipulating the GPS system of a drone, hackers can manipulate the drone in a way that it would think it is close to its home base. In reality, it is not and, thus, could land in the hands of the hacker. Now, imagine the consequences of seeing a hacker or group of hackers gaining access or in possession of a military drone.
Truth is, drones are a double-edged sword. They can be fun and everything. But as soon as a person abuses it, dire consequences can happen. As you can see and read in this article, there are various types of attacks, and most of them are so intense they can easily lead to death or war. Considering how extensive these attacks have been since the inception of drones, governments and cyber terrorists around the world must agree to set a maximum level of alert of drone manufacturers.
Heck, it is even easy to predict that the future will introduce a deluge of these technological marvels crowding the sky. That is why security must be a requirement. And for these incidents to be prevented, a multilevel approach should be implemented. The goal is to simply subdue these evolution’s of attacks, not to mention the sophistication level a hacker uses. With that said, a joint effort of defense must be spearheaded by manufacturers, private companies, governments, and even drone enthusiast around the world.