BGU Researchers Outline Security, Privacy Threats Presented by Drone Use
The growing popularity of personal and commercial drone use in populated areas poses significant risks both for society and drones as a result of lack in additional technology that is required to secure both parties from one another. The lack of supporting technology could be exploited by malicious entities for cyberattacks, terrorism, crime and threats to privacy and also to attack drones while flying for a legitimate purpose, according to a new research report by Ben-Gurion University of the Negev (BGU) researchers and Fujitsu System Integration Laboratories Ltd.
The first comprehensive study on “Security and Privacy Challenges in the Age of Drones” evaluates 200 academic and industry techniques designed to detect and disable drones flying in both unrestricted and restricted areas. Its findings coincide with the U.S. government proposal to allow civilian drone flights with new security rules that permit deliveries and other commercial uses in populated areas.
“The cutting-edge technology and decreasing drone prices made them accessible to individuals and organizations, but has created new threats and recently caused an increase in drone-related incidents,” says Ben Nassi, a Ph.D. student in BGU’s Department of Software and Information Systems Engineering (SISE) and a researcher at the BGU Cyber Security Research Center. “There are many difficulties that militaries, police departments, and governments are seeking to overcome, as it is a recognized threat to critical infrastructure, operations, and individuals.”
The researchers examined different ways to detect drones in drone-restricted areas including radar, RF Scanners, thermal cameras, sound and hybrids of these methods. However, they believe the biggest challenge is determining the drone’s purpose in non-restricted areas. For example, whether a detected drone is being used by its operator to deliver a pizza, spy on someone in a shower, launch a cyber-attack, or smuggle goods.
“An open-skies policy that allow drones to fly over populated areas pose a significant challenge in terms of security and privacy within society” says Prof. Yuval Elovici, Ben Nassi’s Ph.D. advisor, who is director of the Deutsche Telekom Innovation Labs@BGU; director of the BGU Cyber Security Research Center, SISE faculty member and the Davide and Irene Sala Chair in Homeland Security Research.
“Attackers can disguise a cyber-attack as legitimate drone pizza delivery by hiding the hardware they use inside the pizza box. To illustrate, the BGU and Fujitsu researchers demonstrate an attack exploiting a pizza delivery to launch cyber-warfare against smart cities by triggering watering via cellular smart irrigation system.
The researchers also demonstrate a new physical method to disable drone’s active tracking functionality, a new technology that was recently introduced by drone manufacturers that is based on computer vision algorithms.
“In an unrestricted area, we believe that there is a major scientific gap and definite risks that can be exploited by terrorists to launch a cyber-attack,” Nassi says. “It is inevitable that drones will become more widespread, but we need to recognize that open-skies policy pose multiple risks and that current solutions are unable to solve as a result of a major scientific gap in this area.”
The researchers propose methods that enable flying drone identification as well as registration, which is now a U.S. regulation. This includes dedicated techniques for authenticating drones and their operators. While in their previous study, the researchers demonstrated a new technique to detect a spying drone, new methods to determine the purpose of a nearby drone must be developed.
The research team also included Dr. Asaf Shabtai from BGU SISE, as well as Dr. Ryusuke Masuoka and Kohki Ohhira from Fujitsu System Integration Laboratories Ltd.