Search This Blog

Tuesday, March 4, 2014

Drones on Your Doorstep? Not if Hackers Have Their Way

As reported by NBC News: What’s that buzzing in the backyard?

It’s probably not a drone — yet. But with major U.S. companies like FedEx and Amazon talking about using the whirring aircraft in the not-so-distant future, it seems more likely than ever that drones may soon be part of our domestic skyscape. That is, if they can beat the hackers, some security tech experts say.

For the most part, drones have emerged on the corporate scene mostly as the butt of jokes from companies like Netflix, which recently took aim at Amazon with a fake “Drone2Home” delivery service ad that DVD division general manager Hank Breegemann said would deliver disks in “mere seconds.”

In December, two days after Amazon head honcho Jeff Bezos laid out his — perhaps overly optimistic — vision in which Amazon deliveries would be dropped off by drone, a hacker named Samy Kamkar posted a YouTube video that showed software he had developed that could take control over other drones.


“As soon as it finds any other drones, it hacks into that drone’s wireless network, disconnects the owner, and takes over that drone,” Kamkar says on the YouTube video in which he explains his hack.

Kamkar told NBC News that he “wanted to open people’s eyes to the security implications.” He makes the digital hijacking seem easy, and pulled it off using only a Raspberry Pi computer that costs about $40 and code that he shared on his website. As far as he knows, there’s no software or hardware out there that would prevent the same tech from being used to hack commercial drones, Kamkar said.

That’s not great news for hobbyists and model aircraft enthusiasts who are launching their own small drones, typically easy-to-use copters made by companies like Parrot or Draganflyer. The security stakes are higher, however, as police departments, scientists, and the FBI use drones to find missing people or track species in the wild. And companies like Amazon aren’t going to be keen about using drones that can be hacked by a bored teen with basic computer knowledge.

Kamkar's demo was “clever,” and communication links are vulnerable, Todd Humphreys, a security researcher who studies drone systems at the University of Texas, Austin told NBC News. Among the weakest points on the small aerial vehicles are their navigation systems, Humphreys said.





Humphreys would know. In 2012, at the request of the Department of Homeland Security, he showed how a civilian drone could be tricked into believing false GPS coordinates, causing it to crash at a test site in New Mexico. About a year later, Humphreys and his students forced their way into the systems of a yacht in the Mediterranean and took control of the boat at the owner’s request.

In an upcoming study in the Journal of Field Robotics, Humphreys presents a thorough analysis of the systemic failures that take place when a drone falls victim to such a "spoofing" hack. Humphreys says he and his colleagues present evidence, among other new details in the report, that a drone hacked once remains permanently damaged.

GPS makes a particularly easy hack target, Humphreys said. “Every unmanned vehicle I know of depends critically on GPS,” he said. “So if you’re clever about the way you hack into these systems, almost all of them have this vulnerability.”

While the commercial use of drones is not currently permitted by the Federal Aviation Administration, the FAA is working to develop operational guidelines for the craft by the end of 2015. Six states have been designated as tests sites amid rising interest from businesses, farmers, and universities who foresee their own use of drones.


Others say hobbyists have nothing to fear, the hacking of drones belonging to private citizens may not be a "serious issue," not immediately, anyway. There's no real danger in hacking "drones being used for non-sensitive issues like photography and building inspection," Brendan Schulman, special counsel at Kramer Levin Naftalis and Frankel, told NBC News.

Schulman is behind the one key lawsuit underway challenging the FAA's authority to regulate the use of commercial drones. There's also the question of value: "I’m not sure what the value is of taking over an agricultural photography drone."


"The greater issue would be if the drones being hacked are [being used] for border control or law enforcement or if the drone is carrying sensitive scientific payload," or is flying over a sensitive location, he said.

Some companies have tried to get a jump on the FAA, like Minnesota-based brewer Lakemaid Beer. The beer company thought they had hit on a great idea with their plan to deliver beer to ice fishers by drone, until they were shut down by the administration.

But the wait for an official thumbs up won’t stop drone enthusiasts and business owners from experimenting, Humphreys said.

“I say it’s already happening and much of it is happening without the knowledge of the FAA.”

No comments:

Post a Comment