Research: Drone Hacking Easier Than Previously Thought

Research: Drone Hacking Easier Than Previously Thought

More than half a million drones currently buzz around in US skies, and by 2030 it is predicted there would be more than 7 million of them. A Johns Hopkins University research (done at 2016) exposed the soft underbellies of hobby drones.

Team supervisor and cybersecurity scientist at Johns Hopkins School of Engineering, Prof. Lanier Watkins, assigned his master’s degree students to the job. The team discovered 3 ways to interfere with an airborne drone’s activity, using only a laptop – forcing them either to land or to crash.

Unfortunately, those hacking methods are not limited to hobby drones only. Many commercial drones are also exposed to the same exact vulnerabilities – such as farming drones, police drones, business drones (Amazon, delivery services), aerial photography and videography drones, etc.

In their haste to produce and sell as many drones as possible, manufacturers too often consider security issues last in line. Hence such drones can be easily hacked, and sent to spy on people, serve as flying bomb carriers, and more.

Watch the Johns Hopkins related video:

3 Ways to Hack an Airborne Drone

Here are the 3 methods used during the Johns Hopkins research:

Hacking #1 – DOS Attack
The team sent 1,000 wireless connection requests at very short intervals, causing the drone’s central processing unit to overload and hence shut down. This is a well known and familiar form of cyber attack called DOS (Denial Of Service), and it’s being successfully used in drone jamming devices. When it’s done using various multiple sources, it’s called DDOS (Distributed Denial Of Service). Following the above mentioned DOS attack, the drone was forced to immediately land.

Hacking #2 – Packet Attack
Packets are bundles of digital data, sent in a specific order over time. When one sends an extremely large data packet, exceeding the receiver’s capabilities, one could cause an overload. That is exactly what happened during the second hack attempt at the Johns Hopkins test – this time the drone crashed).

Hacking #3 – Fake Drone
This time the team sent an ongoing fake data packet, directly to the drone’s ground control unit. The purpose was to make the control unit think it was receiving orders from the drone itself, although in reality it was all but fake data. The team succeeded in making the control unit “believe” in that, hence disconnecting the real connection with the drone. This hack made the drone emergency land.

To conclude

A more advanced and sophisticated way of hacking a drone, would be using intentional signal jamming (much like the one used to jam and block cell phones in schools and public places). Such methods usually belong to the corporate and military domains, and are not accessible for use by private people.

Sure enough, these are stressing results for both privacy reasons and business, commercial, military and security reasons. One would guess military drones are much more robust and immuned to such cyber attacks, but that is remained to be seen.