Ever since the first commercial drone was demonstrated at the Consumer Electronics Show (CES) in 2010, drones or unmanned aircraft systems (UAS) have shown significant potential in personal and commercial applications across industries like construction, agriculture, oil and gas, and law enforcement, amongst others.
Over the past 10 years, drones have significantly grown in terms of the depth of capabilities and applications with the help of technologies like cloud computing, Artificial Intelligence (AI), and Machine Learning (ML).
Thanks to the advancements in these technologies – we can today use drones for pizza delivery, the shipment of goods, and filming, and perhaps they can provide an alternative for transportation in the near future.
Like every technology, drones too have the potential for misuse, which can pose several significant threats to public safety and security. Drones are today enabling new avenues for hackers and terrorists, who can use drones to carry payloads of any kind. When used with malicious intent, drones can be disruptive and destructive.
The growing number of drone incidents highlights the need to detect and disable drones that are maliciously used by their operators and have created a new avenue of drone research and development focused on anti-drone methods.
These are the advantages that attract malicious operators and terrorists to use drones.
- Possibility of achieving a long-range and acceptable accuracy with relatively inexpensive and increasingly available technology.
- Ability to carry out a wide-scale attack aimed at inflicting a maximum death rate on a population.
- Possibility to attack targets that are too difficult to reach
- Covertness of attack preparation and flexibility in choosing a drone launch site
- Poor effectiveness of existing air defenses against low-flying drones
- Relative cost-effectiveness of drones as compared with ballistic missiles and manned airplanes
- Possibility of achieving a strong psychological effect by scaring people and putting pressure on politicians.
This post will look at some of the most common drone threats grouped into the following categories:
1. Privacy risk
- Spying and tracking: The current generation of drones provides the first-person view (FPV) and HD resolution capabilities that allow operators to fly drones in areas located up to eight kilometers from the operator’s location. This helps drone operators remotely observe, track movements, and obtain video and images of objects of interest. This can be done both manually and automatically. Besides, modern drones are very small, and they can reach speeds of up to 65 kilometers per hour. Maneuvering the drone from far away to a target eliminates a malicious operator’s need to be close to the drone or target.
- Surveillance: Drones are portable, relatively low-cost, easy to operate, and capable of carrying highly sophisticated sensor packages, most commonly used to conduct Intelligence, Surveillance, and Reconnaissance (ISR). Malicious entities can use drones to survey and conduct reconnaissance of sensitive installations. Apart from video survey and monitoring, images obtained from drones can be used for 3D spatial reconstructions of installations with sufficient details to perform visual reconnaissance. The common ISR threats include pre-mission intelligence, post-mission assessment, individual privacy invasion, real-time target spotting/overwatch, industrial espionage, coordination of ground attacks, and gathering images for future operational use and propaganda purposes.
2. Security risk
- Interferences: The simple presence of a drone in the wrong place can interfere with the operations of a government agency or industry. For example, a drone can pose a foreign-object-damage hazard that will shut down airspace, airport ramp, or runway. A drone’s RF emissions can interfere with wireless networks and communications systems.
- Physical attacks: Using drones for physical attacks is not relegated to the realm of military scenarios. Drones can be used to conduct physical attacks on civilian targets as well. Drones can carry and dispense a wide variety of small payloads. These payloads can range from chemical, biological, radiological, nuclear, and explosives devices to RF jammers. Drones themselves can also be used as projectiles, potentially causing mass panic in a public gathering, damage, or injury. This is a potential threat to world leaders. The risk of the wrong drone near an oil or gas storage facility could be deadly and cause billions of dollars in infrastructure and environmental damages. Commercial airliners are also vulnerable to fatal drone attacks during their takeoff and landing.
- Smuggling: Drones have proven to be an effective means of bypassing traditional checkpoints and other physical security by allowing contraband to infiltrate otherwise secure perimeters. Using drone payloads to move contraband or transfer prohibited material (like drugs, cell phones, or other contraband) into sensitive zones or across international borders is a serious potential issue. In terms of smuggling, drones have two major benefits. First, they eliminate the need for a human smuggler. Second, even if a smuggling drone is detected or caught, determining the identity of its operator remains a challenge.
3. Penetration risk
- Data leakage: This means leveraging drones’ spatial accessibility to enable penetration to cause data leakage. Drones can create covert channels of communication using peripherals like multifunction printers and LEDs in hard drives. Several studies show how drones can establish a covert channel for data infiltration and exfiltration to/from an organization. Drones can be used to carry a transmitter and a receiver to modulate/demodulate data sent to/from malware installed on an air-gapped network of a target organization.
- Control and spoof: Drones also be used for spoofing the Wi-Fi routers and mobile devices by leveraging the right payloads to enable the ability to remotely control and track unsecured devices. They can even hijack a Bluetooth mouse to gain access to a wireless office printer; perform wireless spoofing and de-authentication attacks on a targeted user, and hijack a smart bulb.
