As drones fill the skies, cybercriminals won’t be far behind

Putting these toys back in the box after a decade of hype isn’t going to be easy, but these researchers are exploring the options.

For the longest time, drones looked like a good-news tech story that would transform aerial photography, disaster relief and parcel delivery.

The world is still waiting to receive packages from the air (although UPS claims it’s started deliveries this week), which might be just as well because experts are having second thoughts.

Among those investigating the implications of a world filled with “very small and fast flying objects” are the Israeli-Japanese researchers behind a new study, Security and Privacy in the Age of Drones.

In hindsight, it’s amazing people didn’t see the problems coming as these devices got smaller, cheaper and able to operate many kilometres from the person controlling them.

The potential for terror-by-joystick malevolence and mischief is obvious, as London’s Gatwick Airport found out to its cost in December 2018 when it was forced to close its main runway.

But subtler problems might be worth looking at, the researchers argue, such as aerial spying and surveillance, of which there have already been several high-profile examples:

Exploiting these facts, drones have increasingly become a threat to individuals’ privacy as evidenced by their use to detect a cheating spouse, film random people, and celebrities, and take intimate pictures of neighbors.

People tend to ignore the potential for intrusion when it’s celebrities who are being pestered, forgetting that micro-drones are now small and inexpensive enough that anyone could be victimised on a whim.

Regulation and cyberattacks

A fundamental problem has been regulation, which has been caught between allowing drones to fly where they are useful and restricting their use over airports, prisons, military facilities, and critical infrastructure.

This has turned out to be a challenge. Detecting them can be difficult – not all radar systems can detect small drones or distinguish them from other objects such as birds – while stopping them when they are detected can be almost impossible.

The long-term solution sounds clunky but unavoidable – a system of identification and authentication to separate legitimate drones from rogues:

One interesting method that can be used for this purpose as an out-of-band solution is installing a microcontroller on a group of white-listed drones.

Another approach would be to assign each drone a unique identifier – although how to do that in a way that couldn’t be copied, disabled or spoofed remains an open question.

Perhaps the biggest issue hanging over all of this is how easy it might be for hackers to take control of legitimate drones through frequency jamming, GPS interference, or by exploiting a software or design flaw.

This hasn’t happened yet, but it’s probably just a matter of time. The researchers’ partial solution to this is interesting: instead of trying to stop it happening at all, focus on detecting and responding to it when it does.

For example, a drone that departs from its intended flight path could activate a protocol that instructs it to return to its base immediately by stepping through the manoeuvring commands that led it to where the event was detected.
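A minimal sketch of that detect-and-respond idea, added here as an illustration and not taken from the article or the study: it compares each position fix with the planned route and, on deviation, builds the return sequence by inverting the executed commands in reverse order. The command model (heading, distance), the flat local coordinate frame, the tolerance and all sample values are assumptions constructed for the example.

```python
import math

# Hypothetical model (an assumption, not from the study): a command is
# (heading_deg, distance_m); positions are (x, y) metres in a flat local frame,
# heading 0 = +y (north), 90 = +x (east).
PLAN = [(0.0, 0.0), (0.0, 100.0), (100.0, 100.0)]    # constructed planned route
EXECUTED = [(0.0, 50.0), (0.0, 50.0), (45.0, 60.0)]  # constructed: third command is rogue

def apply(pos, cmd):
    """Position reached from pos after flying one command."""
    heading, dist = cmd
    rad = math.radians(heading)
    return (pos[0] + dist * math.sin(rad), pos[1] + dist * math.cos(rad))

def dist_to_segment(p, a, b):
    """Shortest distance from point p to the segment a-b."""
    dx, dy = b[0] - a[0], b[1] - a[1]
    seg_len2 = dx * dx + dy * dy
    t = 0.0
    if seg_len2 > 0:
        t = ((p[0] - a[0]) * dx + (p[1] - a[1]) * dy) / seg_len2
        t = max(0.0, min(1.0, t))
    return math.hypot(p[0] - (a[0] + t * dx), p[1] - (a[1] + t * dy))

def deviation(p, plan):
    """Distance from p to the nearest leg of the planned route."""
    return min(dist_to_segment(p, a, b) for a, b in zip(plan, plan[1:]))

def return_commands(executed):
    """Invert each executed command, newest first, to retrace the path to base."""
    return [((h + 180.0) % 360.0, d) for h, d in reversed(executed)]

def monitor(plan, commands, fixes, tolerance_m=15.0):
    """Check the fix after every command; on deviation return
    (index of the offending command, commands that lead back to base)."""
    executed = []
    for i, (cmd, fix) in enumerate(zip(commands, fixes)):
        executed.append(cmd)
        if deviation(fix, plan) > tolerance_m:
            return i, return_commands(executed)
    return None, []

def simulate_fixes(start, commands):
    """Constructed position fixes: where each command would put the drone."""
    fixes, pos = [], start
    for cmd in commands:
        pos = apply(pos, cmd)
        fixes.append(pos)
    return fixes
```

The check is only as reliable as the position fixes it is given, so the source of those fixes has to be one the drone can trust.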

Drones were seen as novelties when they first appeared at the CES Show in 2010, and putting these toys back in the box after a decade of mostly optimistic hype isn’t going to be easy. As so often happens, it looks as if the technologists who invented them will now have to busy themselves scrambling to secure their creation.

13 Comments

> Perhaps the biggest issue hanging over all of this is how easy it might be for hackers to take control of legitimate drones through frequency jamming, GPS interference, or by exploiting a software or design flaw.
>
> This hasn’t happened yet,

Who says?

If you know of any public incidents, we’re all ears.

“Russia accused of massive GPS spoofing campaign”
Sophos, 01 Apr 2019 – unless the date is significant?

Only inasmuch as the article was published on 01 April. (To be clear: Naked Security didn’t do any sort of April Fool’s activity this year. So you can rule that out.)

> it’s amazing people didn’t see the problems coming

Sorry *cough* what was that?
:,)

No, humankind’s predilection for overlooking potential pitfalls in the face of nifty will survive to humanity’s last breath.

“If” you or someone you know is going to shoot down drones, please use “ice pellets” in air or shotgun, so that it will be less than a tiny bit of hail as the shot(s) falls back to earth, and not hurt people.

I imagine we will see a lot more regulation with drones…specifically tailoring towards FAA regulation. I wonder if it will require licenses similar to the required FCC license for some walkie-talkies that use GMRS. There definitely is a lot of risk with these devices though. Aside from regulations for use…there will probably be a required amount of security on the software side for these devices too to prevent them from being hijacked.

Ummm, here in Raleigh, NC, USA, UPS started doing drone deliveries of blood samples yesterday from the remote sites of the county hospital to the lab in the main site. Look for the story at the Raleigh News & Observer website.

Drones with GPS navigation (required to fly long distance) also have geofencing. They will not enter restricted airspace without a specific limited exception downloaded into the drone while it is on (so the exception is for that flight only). This is not to say the systems can’t be hacked, but it DOES take a hack and will not be available to the average hobbyist flyer.

The average hobbyist drone isn’t going to have enough battery power for really long flights so it would need to start near the restricted area anyway – it therefore sounds to me as though the feature to upload a single exception would be more than enough to defeat the purpose. (Though it might make it easier to prosecute an offender for “intent” if the drone couldn’t wander into, say, Gatwick airspace by mistake.)

If you use GPS spoofing to take control of the drone, it won’t know it has deviated from its planned flight path, will it? So unless drones have a means of being tracked externally then that avenue of damage limitation seems to be closed.

These aren’t drones. A drone is an unmanned aerial vehicle capable of carrying missiles or heavy surveillance cameras, with radar, is gas powered, can stay aloft for 12+ hours, and can be operated from anywhere in the world. Drones are used by governments to spy and kill. The authors reveal their ignorance in programmable or remote controlled quadcopters, helicopters, and airplanes, by calling them drones. The one reportedly seen by Gatwick Airport was the size of a 4 seat dining room table, but still wasn’t a drone.

Drone drops off a package, another one following it picks up the package and brings it to another location.
