According to a recent Federal Aviation Administration report, it is predicted that 2.5 million hobby-type and commercial drones will be sold in 2016. With drones’ growing popularity, researchers really want to know if the new flying technology is susceptible to security breaches that could cause them to ditch their human controllers and even land or crash at the hand of a hacker.
That’s why a team of five graduate students and their professor from Johns Hopkins University discovered three different ways to send hacked commands from a computer laptop to interfere with an airborne hobby drone’s normal operation and land it or send it plummeting. Their research involved crashing a few drones.
While hobby drones are flown mostly for recreational and photography purposes, more advanced commercial drones are capable of handling more demanding tasks. Farmers have started using drones to survey their fields and determine when and where water and fertilizer should be applied. Other commercial drones can also help in search and rescue missions. Now, businesses such as Amazon, are exploring the use of drones to deliver merchandise to their customers.
A lot of focus is placed on safety of drone flight, but are drones digitally safe?
“You see it with a lot of new technology,” said Lanier A. Watkins, who supervised the recent drone research at Johns Hopkins’ Homewood campus. “Security is often an afterthought. The value of our work is in showing that the technology in these drones is highly vulnerable to hackers.”
The team set out to apply what they’d learned about information security by completing a capstone project. The researchers conducted wireless network penetration testing on a popular hobby drone and developed “exploits” from the vulnerabilities found to disrupt the process that enables a drone’s operator on the ground to manage its flight.
According to Michael Hooper, one of the student researchers, “an exploit is a piece of software typically directed at a computer program or device to take advantage of a programming error or flaw in that device.”
They conducted three successful drone hacks.
In the team’s first hack, the students bombarded a drone with 1,000 wireless connection requests in rapid succession, each asking for control of the airborne device. This caused the aircraft’s central processing unit to shut down and sent the drone into what the team referred to as “an uncontrolled landing.”
The second successful hack involved the team sending the drone a large data packet, exceeding the capacity of a buffer in the aircraft’s flight application. This caused another drone crash.
In the third exploit, the researchers sent a fake digital packets from their laptop to the drone’s controller, and got it to believe that the packet sender was indeed the aircraft itself. By severing its own contact, it caused the drone to making an emergency landing.
“We found three points that were actually vulnerable, and they were vulnerable in a way that we could actually build exploits for,” said Watkins. “We demonstrated here that not only could someone remotely force the drone to land, but they could also remotely crash it in their yard and just take it.”
The team sent its findings to the maker of the drone that was tested and has now begun testing higher-priced drone models to see if these devices are similarly vulnerable to hacking.
The purpose of the study is to serve as a wake-up call so that future drones for recreation, aerial photography, package deliveries and other commercial and public safety tasks will leave the factories with enhanced security features already on board, instead of relying on later “bug fix” updates, when it may be too late.
Comments are closed, but trackbacks and pingbacks are open.