I have a family member that manages drone programs for Customs and Border Patrol. She mentioned that they have concerns about drone cyber security, and asked if we had any concerns at Lightwave Aerial. I said no, but then realized I didn’t really know much about it. So as usual, I did some research, and what I found was very interesting.
It is definitely possible to hack a drone. Hackers can gain unauthorized remote access to your drone’s computer system and issue commands that override your remote control. Another method injects bogus GPS signals, redirecting your drone to a new destination. This is a vulnerability all drone pilots need to understand.
As drone technology advances, so too does the risk of drone hacking. Just as computers and smartphones can be hacked, so too can drones. Drone hacking is a growing threat that must be addressed by drone manufacturers, operators, and regulators. This article discusses the technology, provides some perspective, and forecasts the future of drone hacking.
What is drone hacking?
Hacking is defined as “the act of compromising digital devices and networks through unauthorized access to an account or computer system“. Drones have often been described as flying lawnmowers, but they can also be described as flying computers. In this sense, they are definitely vulnerable to being compromised. There are several types of drone hacking.
In this type of hacking, a remote signal is sent at the same frequency as your remote control transmitter. The signal power is much larger than your remote control signal, so the drone sees this as noise and it is unable to understand the remote control command.
In this case, a hacker remotely logs in to your drone. Once they are logged in, they transmit a command that tells the drone to disconnect you from the remote control.
This is often used in combination with de-authorization. Once the hacker is able to disconnect the drone from your remote control, the hacker then sends his control commands to the drone in order to direct movement or access data.
The drone relies on GPS signals to know its location and altitude. But GPS signals come from satellites so they are very weak. In this case, the hacker sends a bogus GPS signal that overrides the correct GPS. So the drone is unable to determine its correct position or altitude. This requires some planning because the hacker needs to guide the drone using bogus GPS data.
Blocking, de-authorization, spoofing, and takeover are the four basic methods to hack a drone. But they are often used in combination.
How Would Someone Hack A Drone?
Your drone basically has two operational modes: manual and autonomous flight. With manual control, the pilot directly controls drone activity with the remote control.
Drone autonomous flight is where the drone flies in a predetermined pattern without direct manual control. This can be useful for surveying or mapping. GPS is required because it provides the drone with accurate position and altitude information.
Hacking occurs slightly differently in these two cases.
Hacking During Manual Operation
Step 1 – The hacker will search for Wi-Fi networks containing a drone and remote controller. A device called a “sniffer” is used to intercept Wi-Fi network signals and identify the addresses of all devices on the network. Drone addresses are easily identifiable because they consist of a vendor code.
Step 2 – Use the drone address to log into the drone as a remote control. This is relatively easy because drones do not require passwords and they can accept multiple remote control logins.
Step 3 – Once logged in, the hacker will access the suite of drone commands and send a command to disconnect from the primary control. This leaves a hacker with sole control of the drone.
Hacking During Autonomous Flight
Step 1 – You only need to identify the general physical location of the drone. Since the drone is not being manually controlled the hacker does not need to perform any takeover procedures.
Step 2 – The hacker transmits fake GPS signals that will replace the real GPS signal. By doing this they can control drone movement by making the drone think it’s in the wrong location or at the wrong altitude.
The process is called “GPS Spoofing” and it requires a fair amount of technical knowledge. This is why you always maintain a visual line of sight with your drone, even during automated flights.
In both cases, the drone receives and accepts an unauthorized signal, then is given inaccurate information from the hacker.
How Hard Is It To Hack a Drone?
The technology to hack drones is available to anyone. There are commercial devices and public software that can be integrated to build a drone hacking system. However, it does require some investment to purchase the hardware, a fair amount of time to develop and integrate the software, and some technical expertise to make it all work together.
How To Find The Hacker
Bad News. It is unlikely that you will find the person hacking your drone. Remote control access can be achieved within a radius of about 1 kilometer, so the hacker does not need to be physically close to your location.
To make matters worse there are products that use drones to hack other drones. This means the hacker merely needs to be close enough to communicate with his drone. This means he can be several miles away.
How To Know If Your Drone is being Hacked
More bad news. It is unlikely you will immediately know if your drone is being hacked. During a manual flight, what you’ll likely see is a message indicating that you’ve lost connection with the drone. Or you may simply lose the video link.
If it’s an autonomous flight, then the drone will simply move off of the predetermined path. This will look like a malfunction however, you will be unable to take over manual control.
This is why you always maintain a visual line of sight with the drone (did we say that before?).
If these problems persist and the drone does not return-to-home when directed, then there’s a good chance that your drone is being hacked.
How to Protect Your Drone from Hackers
There’s bad news here too. We’ve done a fair amount of research on this topic and you will generally hear one of these preventative recommendations.
> Update your firmware for your controller and your drone
> Get antivirus software for your phone
> Make sure you always have returned home enabled
> Change your flight paths and don’t be predictable
> Use a GPS firewall to protect your drone
> We’ve even seen a suggestion to use Blockchain to protect your drone
Granted if the hack occurs through malware on your phone, then definitely having antivirus protection is a great idea. But the truth is that hacking will most likely occur by remotely accessing the Wi-Fi connection between your drone and your controller. Firmware updates, antivirus software, and changing flight patterns, will not prevent this from happening.
As far as Blockchain. There’s no way to implement a blockchain between your Wi-Fi controller and your drone. But it might make a decent Ph.D. thesis.
Installing a GPS firewall may be a good idea, but it will require a lot of technical expertise and still will not prevent the signal from being jammed.
There are several simple solutions to prevent hacking.
One is to require authentication to access your drone, an example would be entering a password. Similar to what is required when using your smartphone or your laptop. Seems like a very simple solution and yet drone manufacturers have not yet incorporated this capability.
The second solution is to encrypt communication between the controller and drone, this would require some additional expense but would definitely reduce the risk of hacking. Again drone manufacturers have not (yet) chosen not to install this security measure.
It is possible to manually install the authentication on your drone, but it requires significant technical expertise. We may write an article on this topic in the near future. Stay tuned.
Should You Worry About Drone Hacking?
Finally some good news. It is very unlikely anyone will hack your drone. It requires a fair amount of technical expertise and some investment in hardware and software. It’s simply not worth the time and effort to hack a single drone. But as drones find new future applications we anticipate that this will become a serious problem.
The only issue you may encounter is signal blocking from someone that does not like having your drone near their location. Signal-blocking devices are relatively cheap and easy to operate.
However, blocking or jamming RF signals is a federal crime in the US. For more details see our article “Is It Possible To Jam A Drone Signal?“
What Are The Dangers of Hacked Drones?
Drone hacking presents several potential problems. The most obvious is the loss of your drone, for most drone owners this is a significant investment. This could be a particular problem if you’re running a business and the loss of your drone could mean that you can’t complete the job for the customer.
Also during the hacking process, there is a time when the drone has no one controlling it. During this time it is possible the drone will crash, which obviously creates a safety hazard.
Lastly, it’s definitely possible that information on the drone can be stolen or corrupted. This typically won’t be a huge deal unless the information contained on the drone is proprietary or sensitive.
Which Drones Are Easiest to Hack?
Parrot AR Drone 2
While most drones have the same vulnerabilities, our research found the Parrot AR drone was mentioned an inordinate number of times. There are several projects designed specifically to use against the Parrot which means that there are a number of software applications in the public sphere that could be used to hack this drone.
Again this is not a knock against the Parrot AR, we think it is a great drone. Pretty much all drones have the same vulnerabilities, however, we have found this drone mentioned a number of times.
Any DIY Drone
Commercially produced drones have some small protection against hacking. However, DIY drones are not built with any thought for cyber security. This is probably because the audience they’re intended for will not fly commercial missions. Instead, these drones are generally intended for hobbyists.
Maximum Distance To Hack Drone
Direct Access To Drone
If the hacker is accessing your drone, there are two parts to the hacking process. The first is using a Wi-Fi sniffer to find the addresses of your drone in your RC unit. The second is having their transmitter/receiver communicate with your drone.
Of these two, the Wi-Fi sniffer limits the distance. Sniffers typically need to be within 1000 feet of the device in order to collect packets. Whereas the transceiver can be up to several miles away potentially. This means that for manual direct access, the hacker will need to be in general proximity to begin the process of hacking.
Access Via Second Drone
The second option uses a drone as a hacking platform. In this case, the attacker simply needs to maintain contact with his drone, which means again he could be several miles away as long as his drone is in the vicinity of your drone. There’s actually an advertised drone that’s designed to hack other drones.
The Future of Drone Hacking
As drones are used for more commercial and industrial applications, there will be a greater incentive for hackers to target them. We can expect to see more sophisticated hacking techniques being developed and deployed against drones. We expect that hackers will primarily target package delivery services touted by companies such as Amazon and Walmart.
More Drones Means More Hacking
The introduction of package delivery services will significantly increase the number of drones in the air. In addition, these drones will require advanced detection and avoidance capabilities which means they will be more valuable. This makes the drones themselves more attractive targets. In addition, the packages they carry are also valuable which is an additional incentive for hackers.
Remote Operation Means More Hacking
Package delivery services will remotely control a large number of drones from a central or mobile Mission Operations Center (MOC) This means that there will be no person on site able to respond quickly if drones are hacked and diverted from their intended path.
More GPS Dependence Means More Hacking
These package delivery drones will follow pre-determined automated flight paths so they will rely heavily on GPS. In this case, GPS spoofing could easily be used to redirect the drones or cause them to crash.
By taking steps to improve the security of drones and their control systems, we can make it more difficult for hackers to take control. By increasing awareness of the risks of drone hacking, we can also make it more difficult for hackers to operate undetected. Drone hacking will present a serious threat that must be taken seriously by all those involved in the drone industry.