May 2, 2016

Drones armed with guns, chainsaws and vulnerabilities

Security

Over the past few years drones have evolved from toys to powerful tools that can be used by pretty much everybody. Armies use them for scouting and aerial spotting, coast-guards — as coastal patrol. When it comes to mapping the accident site and locating victims lifeguard sends drones ahead. Unmanned flying vehicles disarm old mines, trace poachers and even spy on the famous Area 51.

Drones armed with guns, chainsaws and vulnerabilities

Quad-, hexa- and other multi-copters nowadays can be purchased for next to nothing. This cost brings up a lot of privacy concerns. Small wonder, as drones could fly everywhere and record almost everything their owner wants them to! As soon as everybody understood that it’s rather hard and almost useless to spy after the neighbors with the help of average consumer drones some fears subsided.

People started entertaining themselves. For example, they attached different things like chainsaws and guns to their drones; and — of course — published videos of their experiments on YouTube, gathering “Likes” and attention. Nevertheless, unmanned flying vehicles are still considered to be dubious technology. For example, this year hunters from Pennsylvania held a robust discussion whether is it legal and fair game to hunt animals using drones.

Other people decided that drones are annoying and creating a weapon against the nasty flying things is their direct duty. That resulted in the invention of SkyWall — a professional protection system from mechanical birdies, that shoots drones down with nets. Other enthusiastically joined this flashmob: jet-ski drivers showed that it’s possible to destroy a drone with their floating facilities. Others started a Kickstarter crowd funding campaign for the development of a drone neutralizing mechanism. After proper training even eagles learned how to hunt down a drone.

Hackers also decided to check how difficult it would be to compromise professional drones used by military and law enforcement agencies.

One of them, a 22-year old Gaza resident named Majd Ouida was arrested by Israeli police in March. The investigators believed that Majd tried to hack Israel Defence Forces drones three times. The last attempt succeeded and the young man intercepted the broadcast feed streamed by drones. He had allegedly bought the necessary equipment from dealers in the United States.

It was not for the first time that Israeli drones were hacked — foreign Intelligence services hacked into them as well. Thanks to Edward Snowden we know about the operation ‘Anarchist’ held by the USA and Great Britain. American and British intelligence secretly tapped into live video feeds from Israeli drones and fighter jets monitoring military operations in Gaza, Palestine.

Of course special services and their agents are qualified for such a job. It turns out you don’t need to be James Bond to hack, for example, an industrial drone, used by American police and fire departments.

At the RSA conference, security expert Nils Rodday reported that he managed to take control over a quadcopter of that kind due to a certain security flaw. This vulnerability is observed in this very model and other similar devices, which cost from 30 to 35 thousand dollars. At the same time, a criminal needs only a $500 laptop and a cheap radio chip connected via USB to make this work. The researcher believes that the discovered vulnerabilities may apply to a broad range of high-end drones.

Drones have to follow commands. Quickly. To reduce delays developers either use no encryption at all or turn to a simple WEP protocol, which can be hacked in seconds. This is why it’s possible to take over someone else’s drone. Once it’s done, the hacker can turn it off, make it fly here and there, faster or slower, change key points of its route and so on. In brief, one can break the drone, crash it or — even worse — make the copter crash into somebody.

The researcher reached the developers of the vulnerable flying machine and the company plans to fix the issue in the next version of the quadcopter that it sells. The thing is that it’s not easy to patch those drones that are already sold. They are not connected to the Internet directly and so they are unable to download a security update.

Even if the company released a new firmware with stronger encryption and the users installed it somehow to their devices, the update would slow down the drones — as they would spend certain time decrypting the commands. Enabling encryption without adding latency would require mounting another chip — which means that the manufacturer would have issue a recall.

In the world of gadgets, connected devices and worldwide Internet such failure seems to be epic but let’s not be blunt here. As with many other modern developments drones are a relatively new technology that requires further testing. Yes, they are not secure: one really can attach a chainsaw to a flying machine and use it to ruin their neighbor’s bushes, or hack the drone to fulfill their dark goals.

It’s important to understand that any innovation brings good and bad things at the same time. Earlier people thought that electricity is a kind of dark magic but now everybody seems to like it. The same destiny awaits for drones.

Until this happened we should be more careful when it comes to a brand new technological devices and be especially attentive when you choose smart connected devices for your home and family.