Insurance in the age of drones - The hacker

Drones have the potential to do great good in society. Equally, in the wrong hands, they have significant potential to cause harm.

Drones have already been used in illegal surveillance, both at an individual and an industrial level. They can be used in smuggling, and there have already been several cases to drugs being shipped into jails. They can be used in direct physical attacks, they can be used to intercept wireless signals and hack. There is a burgeoning industry developing in physically stopping rogue drones, from using birds of prey to flying nets.

Watch the interview with Samy Kamkar:

"I mean, this event is actually extremely interesting to me because I had no idea this existed. I had no idea there was such a large population of people dedicated to solving this problem. I never even thought about the problem. I'm on the other side and I'm trying to develop and push forward some of this technology, and I completely now see it from another angle that I didn't before. So I think it will hopefully make me think twice when developing new things and how I can implement, maybe, a better implementation to prevent issues, like, that we're trying to solve here."

Any networked machine can be hacked, given sufficient time and resources. What makes drones different is the level of interfaces they require to allow them to navigate. Drones need sensors to know where they are, which direction they should be going in, and avoiding collisions. These include GPS, a barometer, sonar, accelerometer, LIDAR and a camera. They need communications to receive instructions from an active controller, from beacons or from other devices. Among these are blue tooth, wifi, infrared, radio control, video and telemetry. This constant interaction between drones and their environment provides many potential planes of attack for the would-be hacker. Some of these include:

  • Radio frequency – Perhaps the most straightforward way to hijack a controlled drone would be to build a controller operating on the same radio frequency as the target. An attacker could also jam the frequency, so that the legitimate controller of the drone would lose control.
  • Gyroscope – A drone could fly towards a target drone, and using soundwaves, manipulate the targets gyroscope to redirect or jam the drone.
  • Telemetry – Using wireless protocols, a hacker could broadcast spoofed information that would redirect the drone.
  • GPS spoofing – GPS signals are not encrypted. Although it is illegal, it would be possible to fly a drone near another drone, and broadcast a false GPS signal and misdirect all drones within the area.
  • Video hijacking – Transmission of video signals are unencrypted. A hacker could see whatever pictures the drone was taking.

All this can be achieved on cheap and readily available technology, as Samy demonstrated with almost alarming ease at the conference, commandeering a commercially available drone in a few tens of seconds. Drones cannot be made totally hacker-proof, but as with any emerging technology, security tends not to be a leading concern. Before drones become part of our daily lives, that will have to change.

Summary of Samy Kamkar's presenation at the Centre's Drone event in October 2016. Kamkar is a privacy and security researcher, computer hacker, whistleblower and entrepreneur. Summary written by Simon Woodward.