The Impending Use of Commercial Drones in Stalking, Hacking, and Terrorist Attacks

The Age of the Drones is here, whether you’re ready for it or not. You can buy them in any size and for nearly any purpose. Amazon lists drones from around $50 to about $1,300. Most of them come with cameras. Some can be operated through a tablet or smartphone. Some have GPS capabilities and others can stream live video to YouTube. They probably have a legitimate place in today’s world. They can patrol borders, look for lost hikers, patrol streets, stream live news events, and deliver pizzas. They also have the capability of doing some pretty evil things. It’s the old double-edged sword of technology.

At the lowest end of the scale, drones can, and have been, used for spying on people who don’t want to be spied on. Celebrities, including Selena Gomez, Tina Turner, Anne Hathaway, Miley Cyrus, and Rihanna have already had drones swarming around their homes or private events. As drones become easier to use, expect to see those with stalking instincts use them to keep an eye on their victims. The Mind4 drone, for example, can be programmed to follow a particular person. The company promotes it more as a flying selfie stick, but a dedicated stalker (and most of them are) will clearly see the Mind4’s usefulness as a stalking device.

As drones become more prevalent as a delivery device for retailers, one would have to wonder if these deliveries could be somehow hijacked and the merchandise stolen. The answer is, apparently, yes. The Parrot AR.Drone 2 comes with its own source code which allows users to reprogram it for their own needs. One of these users changed the code to allow it to take control of other drones. The program, called SkyJack, enables a drone to take control of any other drones flying in the area. According to the developer, the SkyJack drone, “flies around, seeks the wireless signal of any other drone in the area, forcefully disconnects the wireless connection of the true owner of the target drone, then authenticates with the target drone pretending to be its owner, then feeds commands to it and all other possessed zombie drones at my will.” To put it in simpler terms, I can hijack your pizza.

The idea of intercepting WiFi communications brings up an interesting point. Can hackers use drones to penetrate a network with a man-in-the-middle attack? The answer is, again, yes. The recent hacking of the Hacking Team and the subsequent release of the hacked documents shows that they had developed a way to hack WiFi networks using drones, which they named, Remote Control System Galileo. In their overview of the system, they state that

“Remote Control System is invisible to the user, evades antivirus and firewalls, and doesn’t affect the devices’ performance or battery life. Hack into your targets with the most advanced infection vectors available. Enter his wireless network and tackle tactical operations with ad-hoc equipment designed to operate while on the move.”

According to leaked documents, Boeing was interested in this idea and had started negotiating with the Hacking Team for its development.

It, thus, seems clear that drones can be used to compromise networks through devices connected to a network. This is a common mode of attack, only this one uses the WiFi signal itself to compromise the network and does not rely on spear phishing. Yes, precautions can be made to secure the network; however, hackers have consistently found ways around such software security solutions. Security which employs true hardware separation of network endpoints from important data can be used to prevent such attacks. However, most companies and organizations are still using outdated software protection or pseudo-hardware solutions, such as sandboxing and virtualization, which have been repeatedly breached. Drone hacking will just make such endpoint-compromised breaches even more likely.

On January 26th of this year, a small drone crashed on the White House lawn. The White House downplayed the incident as nothing more than the irresponsible behavior of a drone hobbyist who later admitted he was drunk at the time. Although it was downplayed, the White House knew the event was far more serious than they made it out to be. It showed that small drones were impossible to detect and could penetrate normal White House defenses. There is a 25km (15mi) no-fly zone around the White House and this was extended to include drones. But, besides spying, what harm could a drone do? After all they have a limited range and limited payload capabilities.

That may be, but drones have already been found carrying drugs across the US-Mexican border and delivering weapons to criminals in prisons.

dronedrugs

 Crashed Drug-Carrying Drone

Videos have also emerged that show flying drones shooting pistols. In 2013, German police raided the homes of Islamic extremists who were planning to use drones to bomb a summer camp. The US military has already shown that commercial drones could bomb targets and this made them more concerned about the potential for drone attacks on infrastructure, such as power stations, bridges, or railroads. Even chemical weapon attacks cannot be ruled out.

Because of this, the White House is scrambling to put in place a variety of anti-drone defenses. Some of them jam GPS signals while others use anti-drone drones, much in the way that SkyJack does. The company that produced the drone that entered the White House grounds, Chinese-based DJI, has updated its firmware to prevent its drones from flying in no-fly zones. Any sensitive area that drones could compromise, such as borders, will be inaccessible to anyone trying to use the company’s drones. The firmware has all off-limit GPS coordinates programmed into it to make the drone inoperable in those areas. You can expect to see such firmware being required for all drones in the future.

But who says drones need to use GPS signals to find their targets? Mexico National Institute of Astrophysics’ Professor, Martinez Carranza, has developed an autonomous navigation system that does not rely on GPS at all. The system, named RAFAGA (Robust Autonomous Flight of unmanned aerial vehicles in GPS-denied outdoor areas), which matches features on the ground to those found on built-in maps to find a specific location. Experts claim that the system is even more accurate than GPS-based systems.

The bottom line is that if terrorists wanted to use drones to deliver a payload, they probably could. According to one source, “senior MI5 figures believe ISIS has already tested how much plastic explosives the flying machines can carry. The group has reportedly been experimenting with detonation devices”. And who’s to say they would not direct a whole fleet of drones to attack, let’s say, a crowded sporting event or a popular tourist site. Let’s face it, what groups like ISIS want is to make a dramatic impact and kill as many people as possible. For them, this is nothing more than good PR. They would love to show western governments that they have a new weapon at their disposal and they would love to increase the amount of fear in the average citizen. They need to launch such an attack before newer, more effective forms of defense against drones are developed, which is why I would not be at all surprised to see at least an attempt at a drone attack by the end of this year, if not sooner. So. for the moment, anyway,  the best defense against drone terrorist attacks is still good, old-fashioned, intelligence.

About Steve Mierzejewski

Marketing consultant for InZero Systems, developer of the next generation in hardware-separated security, WorkPlay Technology. I've worked in Poland, Japan, Korea, China, and Afghanistan. I'm a writer, technical editor, and an educator. I also do some work as a test developer for Michigan State University.
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s