Many a disgruntled suburb-dweller has expressed annoyance at the whining sound emanating from the latest hovering craze. While viewed by some as a menace and an invasion of privacy, drones have emerged as one of the most popular consumer gifts over recent years. Despite this, the gadgets are now proving their use in a commercial context. In fact, a recent report from PwC revealed that the commercial drone industry could be worth as much as $127 billion by 2020, while analysis from the International Association for Unmanned Vehicle Systems has predicted that drones will create thousands of jobs over the next decade.
However, like many innovations with an element of network connectivity, the increasing use of drones in business and government settings has made them a target for hackers who are intent on causing disruption and gaining access to sensitive data. While the technology’s potential across several industries is undeniable, more must be done to improve regulation and device security before they can be trusted as carriers of our physical and intellectual property.
Not just for Christmas
Far from the nation’s back gardens, businesses are plotting the integration of drones into their strategies. Amazon’s significant investment in its R&D activity in Cambridge to develop a drone delivery capability is indicative of the potential attributed to the technology by the world’s largest organizations. Beyond this, drones are proving to have a range of commercial applications right now, allowing humans to access the inaccessible.
Whether oil companies operating offshore rigs or law enforcement departments surveying large crime scenes or tracking suspects on the run, unmanned vessels can get places that people can’t. In terms of perspective, estate agents are also trialing drones to take aerial photographs of large properties, while television production teams are increasingly using drones to film creatively. Although these commercial applications show significant potential, they also highlight the range of information that could be accessed from an individual drone, each of which provides an access point for hackers to infiltrate.
Hacking new heights
Thanks to the ability of drones to offer real-time data capture and analysis, the technology is becoming increasingly relied upon to monitor and map our world from the sky. However, like any other connected device, these attributes also provide several routes for hackers and other criminals to access the data enclosed. For example, if a cyber-criminal can infiltrate and take over the control channel between a drone and its operator, they will also have access to the data moving back and forth, which they can use and decrypt if necessary. Furthermore, the sensors that make up a drone’s navigation system can be fooled by hackers using ‘spoofing’ techniques to take control of a device, by sending a fake signal that the drone believes has originated from a GPS satellite, as seen recently during an incident over the Black Sea.
Some criminals prefer to make use of a drone’s physical presence to cause chaos, rather than steal the data it houses. As recent reports of disruption at Gatwick Airport demonstrate, anarchists have used drones to disrupt major services and threaten the public’s physical safety. Alternatively, hackers gaining physical access to a drone, either by damaging it in-flight or during the maintenance process, could give them an opportunity to manually infect a drone with malware.
Securing the sky
While drones have the potential to make aspects of the way we live and work easier, businesses and governments must be mindful of the associated security vulnerabilities and work together to mitigate them. Although incidents involving drones are often a subject of playful misuse, they can also be hacked. At the recent DEFCON hacker conference, for example, attendees were shown how ultrasonic waves can be used to disrupt a drone and render the controller useless. Therefore, manufacturers have a responsibility to secure the devices owned by unsuspecting customers, who could be liable for damage or potentially much more dire consequences for society if criminals compromise a device.
The UK has already made some progress in addressing the new threat, by launching a cyber-security boot camp focused on hacking malicious drones. However, this is just the first step to robustly protect the latest frontier of business networks. For the threat that comes with drones to be completely neutralised, there must be significant development of drone legislation, which is only just beginning to take a coherent form. The EU is now taking steps towards putting clear regulations in place to govern drone flight and ownership, which they hope to be in place by 2019 and would include drone identification technology and a wider ‘U-Space,’ as well as specific ‘no-fly’ zones.
While this shows that conversations are moving in the right direction, it is likely that comprehensive regulations will take some time to become fully formed. In the meantime, security must be the biggest priority for organisations looking to make use of drone technology. As unmanned devices play a bigger role in enterprise strategies and take valuable data outside the relative safety of physical company infrastructure, securing the perimeter of your network has never been more important, regardless of its altitude.