Cyber attacks are almost never as straightforward as implied by television and movies. Hackers typically don’t just wake up, sit at their computers, and infiltrate a system or bring it down. For example, hacking into a bank by a completely virtual approach can be quite challenging and time consuming.
On the other hand, getting bank staff to insert a compromised USB device into a computer circumvents many security protocols and allows the hacker direct access to the network. Oftentimes it is easier to trick someone into bypassing the security, referred to as social engineering, than it is to beat the security.
While drones are not flying supercomputers that can easily brute-force their way into a secure facility, they do offer hackers another tool to help with the multistage cyber attacks required in today’s cybersecurity-conscious world.
Drones can be used for a plethora of attacks that form part of a much larger breach. Network sniffing and network spoofing are two drone cyber attacks that can easily be performed using a small attached device like a Raspberry Pi (Figure 1). The sniffer can collect identifying information about a Wi-Fi network, such as the MAC addresses and SSID. The device can then use these to pretend to be a known Wi-Fi network. Unsuspecting employees may connect to the fake network. From here hackers can access valuable information.
According to the How Secure Is My Password tool, the password “DroneHacks” takes approximately one month to crack by brute force. However, if somebody were to log into a system via the faked network, they would be giving hackers their login credentials. How often do you become suspicious of your “trusted network” when your login credentials don’t work immediately? People are much more likely to blame an email server or restart their computer than to look closely at what network they are connected to. Now that the hacker has login credentials, they don’t need to force their way through security. They can simply log in and begin expanding their footprint.
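One way a defender can catch the fake network described above, as an added example that is not part of the original article: compare observed beacons against an inventory of the organization's real access points. Because the MAC address (BSSID) can be copied along with the SSID, the check also looks at channel and security mode. The SSID `CorpNet`, the inventory and the scan data are all constructed, and the check assumes access points run on fixed channels.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str     # AP MAC address as advertised; an attacker can clone it
    channel: int
    security: str

# Hypothetical AP inventory: BSSID -> (SSID, channel, security mode).
INVENTORY = {
    "aa:bb:cc:00:00:01": ("CorpNet", 36, "WPA2-Enterprise"),
    "aa:bb:cc:00:00:02": ("CorpNet", 149, "WPA2-Enterprise"),
}
PROTECTED_SSIDS = {ssid for ssid, _, _ in INVENTORY.values()}

def classify(beacon):
    """Return the reasons a beacon looks spoofed (empty list means clean)."""
    if beacon.ssid not in PROTECTED_SSIDS:
        return []                      # not advertising one of our networks
    expected = INVENTORY.get(beacon.bssid.lower())
    if expected is None:
        return ["unknown BSSID advertising protected SSID"]
    _, channel, security = expected
    reasons = []
    if beacon.channel != channel:      # cloned MAC seen on another channel
        reasons.append("known BSSID on unexpected channel")
    if beacon.security != security:    # e.g. an open copy of a WPA2 network
        reasons.append("known BSSID with unexpected security mode")
    return reasons

def find_rogues(beacons):
    """Map (bssid, channel) -> reasons for every suspicious beacon."""
    return {(b.bssid, b.channel): r for b in beacons if (r := classify(b))}

# Constructed scan results, not captured from a real network.
SCAN = [
    Beacon("CorpNet", "aa:bb:cc:00:00:01", 36, "WPA2-Enterprise"),  # real AP
    Beacon("CorpNet", "AA:BB:CC:00:00:01", 6, "Open"),              # cloned MAC
    Beacon("CorpNet", "de:ad:be:ef:00:99", 11, "WPA2-Enterprise"),  # new MAC
    Beacon("CoffeeShop", "11:22:33:44:55:66", 1, "Open"),           # unrelated
]

if __name__ == "__main__":
    for key, reasons in find_rogues(SCAN).items():
        print(key, reasons)
```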
Drones can also carry other devices to perform local deauthentication attacks, a type of denial-of-service attack that targets communication between a user and a Wi-Fi access point. Alternatively, the drone can carry a device that simply jams Wi-Fi or other communications. Disabling Wi-Fi, radios, or cellular devices can lead to confusion and a lack of coordinated defenses, allowing hackers to carry out other attacks.
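A monitoring sketch for the deauthentication attack described above, added here as an example and not taken from the original article: occasional deauthentication frames are normal, so the detector alerts only when one access point sees a burst of them inside a short sliding window. The window length, threshold, BSSIDs and frame log are constructed values to be tuned per site.

```python
from collections import defaultdict, deque

WINDOW_S = 10    # sliding window in seconds (assumed tuning value)
THRESHOLD = 5    # deauth frames per BSSID per window that raise an alert (assumed)

def detect_deauth_bursts(frames, window_s=WINDOW_S, threshold=THRESHOLD):
    """frames: (timestamp_s, frame_type, bssid) tuples sorted by timestamp.
    Returns one (bssid, alert_timestamp) entry per burst."""
    recent = defaultdict(deque)   # bssid -> timestamps still inside the window
    alerting = set()              # bssids currently in a burst
    alerts = []
    for ts, ftype, bssid in frames:
        if ftype != "deauth":
            continue
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window_s:   # drop frames that aged out of the window
            q.popleft()
        if len(q) >= threshold:
            if bssid not in alerting:  # alert once per burst, not per frame
                alerting.add(bssid)
                alerts.append((bssid, ts))
        else:
            alerting.discard(bssid)
    return alerts

# Constructed frame log, not captured traffic.
AP1 = "aa:bb:cc:00:00:01"   # normal roaming: one deauth a minute
AP2 = "aa:bb:cc:00:00:02"   # burst: six deauths in 2.5 seconds
FRAMES = sorted(
    [(t, "deauth", AP1) for t in (0.0, 60.0, 120.0)]
    + [(100.0 + 0.5 * i, "deauth", AP2) for i in range(6)]
    + [(101.0, "beacon", AP2)]
)

if __name__ == "__main__":
    for bssid, ts in detect_deauth_bursts(FRAMES):
        print(f"deauth burst against {bssid} at t={ts}s")
```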
The drone cyber attacks described above are certainly not the only threats drones pose. Other attack vectors may not be as direct. A bad actor can use a drone to observe shift changes and gather information on security protocols with the ultimate goal of planning a physical attack. Drones with camera and video capabilities produce incredibly high quality footage these days.
If you or your organization employ drones, the drones themselves are susceptible to cyber attacks. Most drones are designed to optimize battery life and flight time. Little focus has been placed on cybersecurity. Because most drones are expected to lose connection to their controllers at some point, they will typically attempt to return to their launch point by default. Many pilots will attest to the fact that these automated responses are far from perfect and depend heavily on the drone type and local environment. Disrupting the video and telemetry feed from the drone is relatively simple, leaving a pilot flying blind. Disrupting the control signal, while more challenging, is also a possibility, particularly if the drone operates over Wi-Fi.
Setting aside the physical consequences of a cyber attack on a drone, if the drone records confidential information such as video of a crime scene, the video itself must be protected. While drones offer a very easy mechanism for recording and retrieving this video, keeping it out of the hands of hackers may be much more challenging. Some drones automatically back up their videos and files to cloud systems. Others may only upload log files of the flights. Either of these can be useful to hackers looking for them.
The RAND Corporation recently published an eBook, How to Analyze the Cyber Threat from Drones, that details the cybersecurity implications of the explosive popularity of drones. It covers current vulnerabilities hackers can exploit using drones, cyber attacks on drones, and future trends.
We recommend that any organization using drones research the security of the device online before purchasing and maintain the viability of evidence. Most drones don’t have the option to customize security features.
Whether your business handles or stores sensitive or proprietary information, has a hardened facility with physical security measures, or is an average business trying to keep up with standard cyber security, drones prove to be a real threat in our digital age. We can no longer rely on two-dimensional security strategies to protect facilities from any type of drone threat.
Because mitigation of drones is illegal for non-Federal entities and extremely risky, the best form of mitigation is to find the pilot and either kindly ask them to stop flying or apprehend them (depending on your jurisdiction).
Drone detection systems are a powerful tool for businesses and law enforcement because they provide airspace awareness. Keep in mind, however, that not all systems are able to locate both the drone and the pilot (controller), and to do so at the same time. Having information about the pilot’s location as soon as the drone is located is crucial for a faster response to the threat. If you have to guess where the pilot is, you are wasting precious time that could have been spent stopping the attack sooner.
There are many drone detection systems on the market, which makes cutting through the noise challenging.