Left unchecked, our drones may pose significant risks to our privacy and security.
Drones flying over populated areas, unchecked, represent a real threat to our privacy, researchers have warned.
On Wednesday, academics from Israel’s Ben-Gurion University of the Negev (BGU) and Fujitsu System Integration Laboratories revealed the results of a new study which examined over 200 techniques and technologies which are currently in use to detect and disable drones.
BGU and Fujitsu say this is the first study of its kind, which examines how lawmakers and drone developers are attempting to control drone usage.
The research, titled “Security and Privacy Challenges in the Age of Drones,” (.PDF) found that cybersecurity measures developed to keep these flying camera-laden vehicles are falling woefully short.
Drones are now used for military purposes, for pizza deliveries, for delivering life-saving medication, and for surveillance & monitoring in agriculture. Drones and other forms of unmanned aerial vehicle (UAV) are also being tested as potential future transport options.
Unfortunately, it is the minority which can ruin it for the rest of us. Drone-related security incidents are reported on close to a daily basis, and it was only a few months ago that a single drone sighted around the grounds of the UK’s Gatwick airport caused chaos, grounded flights, and resulted in the misery of countless passengers attempting to travel ahead of the Christmas holidays.
The UK’s response was rather limp and resulted in only a new power being awarded to police to issue £100 fines for inappropriate drone usage. However, the country found itself unable to detect or stop the drone during its antics.
Such incidents can not only disrupt the lives of citizens but can also result in damages and compensation claims — and so organizations and governments are now looking at ways to detect and disable drones, a new market which is expected to reach $1.85 billion by 2024.
The report suggests that left unchecked, drone use in populated areas “could result in cyberattacks, terrorism, crime, and threats to privacy.”
There are a number of ways that organizations are tackling privacy issues caused by drones. Radar, RF scanners, thermal cameras, audio alerts, and even falconry have all been explored, and one of the new methods which are being developed is software able to physically track a drone.
However, these are easy to compromise, as shown by the research team in the video below:
The team also demonstrated an interesting attack method in which a drone was used as a conduit for delivering hacking hardware and radio systems to a target — which could be a smart home or an air-gapped business system — which was disguised as a perfectly innocent pizza delivery:
BGU and Fujitsu suggest in the report that the biggest challenge vendors face when it comes to drones and their potential impact on privacy and security is determining a drone’s purpose in a non-restricted area, also known as an “open sky policy.”
“The cutting-edge technology and decreasing drone prices made them accessible to individuals and organizations, but has created new threats and recently caused an increase in drone-related incidents,” says Ben Nassi, a Ph.D. student from BGU’s Department of Software and Information Systems Engineering (SISE). “There are many difficulties that militaries, police departments, and governments are seeking to overcome, as it is a recognized threat to critical infrastructure, operations, and individuals.”
The researchers propose that drone ID systems and registration are the way forward, both of which have now been implemented in new US regulations.
Whitelisting, such as an out-of-band solution which installs microcontroller on white-listed drones able to transmit their ID to controllers for authentication; software-based monitoring systems which translate a drone’s commands, unique signatures based on vendor hardware, and using cellular technology to trace operators have all also been suggested as potential solutions.
However, controlling drone use without stifling both this emerging, innovative industry and the joy of innocent enthusiasts is a difficult proposition and there is no failsafe solution available — at least, for now.
Source: ZDNet