The global drone market is expected to rise to $43 billion in 2024, a huge rise from $14 billion in 2018. It is an indicator of the huge popularity surge in drones, technically known as unmanned aerial vehicles (UAVs). Used mainly by the military in the last decade, the current decade has seen full-scale commercial use of these machines all over the globe. Drones are becoming so affordable that they are available for anyone to buy on the internet and customize according to size and shape.
While companies like Amazon, Domino’s and UPS are seriously exploring using drones for various delivery-related purposes, security researchers have highlighted the importance of cybersecurity in drones. Like any other device, drones too are susceptible to cyberattacks and considering their use for many different purposes, the consequences could be severe. In 2009, insurgents in Iran intercepted live video feeds from a US drone using software available on the Internet. In 2011, an American UAV was captured by Iranian forces who jammed its control signals and implemented a GPS spoofing attack.
According to the US Department of Homeland Security, “Unmanned aircraft systems (UASs) provide malicious actors, an additional method of gaining undetected proximity to networks and equipment within critical infrastructure sectors. Malicious actors could use this increased proximity to exploit unsecured wireless systems and exfiltrate information”.
A few ways in which drones pose cybersecurity risks are:
Loss of critical information
Autonomous vehicles can be used by malicious actors, such as terrorists or insurgents, to gain access to key information, such as military complexes or power plants. These malicious actors can position themselves at a safe distance and fly drones over these installations, garnering information to be used for malicious purposes.
Using drones to exploit access points and unsecured systems
There have been instances of drones being used to wirelessly exploit access points and unsecured networks. In one experiment, security researchers flew a drone with an autonomous attack kit near an office building which sent malicious over the air updates controlling smart light bulbs inside the building. In Singapore, security researchers found a way to intercept wireless printer transmissions using smartphones attached to drones.
Removing sensitive information from secure locations
Small amounts of highly sensitive data could be stolen through specially equipped drones via visual or radio signals. In a publicized experiment, a camera fitted to a drone stole data through a computer’s blinking LED light in Israel.
Liable for exploitation
Much like satellites, many commercial drones regularly communicate with ground-based operators or networks using mainly unencrypted feeds. This opens up drones to interception by malicious attackers who may also use vulnerabilities with drone software systems to inject malware.
It is imperative for organizations using drone technology to be cognizant of the cybersecurity risks that surround them and take the required action to circumvent those threats.
A few ways in which these threats can be mitigated are:
Geofencing
While malicious actors could theoretically remove geofencing limitations, it is still necessary to implement geofencing solutions within secure areas. Through geofencing, a virtual border is created around a specific area through a GPS or RFID-enabled software.
Awareness of local regulations concerning drone use
Regulations around drone use are changing every day in different jurisdictions. This is being done to negate the threat of unauthorized drones being used by malicious actors for non-ethical purposes. It is important to be aware of the regulations around drone use in specific locations.
Timely patching
As observed in the examples above, drones can take advantage of vulnerabilities and backdoors within systems and inject malware. Hence, it is important to plug these vulnerabilities as soon as possible to ensure smooth functioning.
In the next decade, drones may become a norm in day-to-day life just how cellphones are a norm today which they were not only a few years ago. Cyber criminals are already aware of this and are finding new ways to use drone technology to create chaos. Organizations must also be cognizant of the risks and take necessary measures to secure this valuable technology.
