Cyber vulnerability of drones: a windfall or a threat?

Since the advent of civil drones, the question about risks related to their use is regularly debated in the public space: collision risk with aircrafts, aerial flyover of forbidden sites, potential terrorist acts and, without forgetting, the hacking risk… In this context, the current lack of security of drones is it a source of danger or, on the contrary, the last defense against malicious use?

Mastering a flying drone, as well as the safeguarding of data collected, thus represent essential major issues for the development of this technology. It is on the basis of this observation that, very early, the actors of the market started thinking about the drones hacking issue.

Better understanding drones hacking

An operating drone receives and emits different signals needed for its flight. These wireless communication channels are not protected, so drones are as vulnerable to hacking risks as any connected electronic device.

The reason of this security defect is quite simple: implementing protection systems would increase manufacturing costs, while reducing the autonomy in flight of the device. One of main concerns in terms of drones engineering is the optimisation of the flight-time autonomy ratio (power/weight/consumption). So, we better understand why the current-generation drones remain sensitive to the following hackings:

  • Rising signals (received by a drone: radio command signal, GPS signal, etc.) can be affected by lure signals. These signals, of identical characteristics but of higher power, have the effect of “recovering” the weakest signal. This method is the most worrying on a public security level, because it would potentially allow an ill-intentioned person to displace the signal of a radio command and to take control of the flying drone. In the same way, it is possible to distort GPS information received by the drone, that will then modify its path.
  • Downlink signals (emitted by the drone: video retransmission, flight information, etc.) involve a risk of interception or alteration of transmitted data. Actually,  video feedback is generally transmitted on non-secured radio waves. So, each receiver correctly configured and close enough to the emission point can receive data, without being perceptible to, or localisable by, the user.

drone-hacking

A real danger or a security guarantee?

In the framework of the technical and legal evolution of the drone industry, it could seem appropriate to incite manufacturers to find a solution to these vulnerabilities in order to reinforce security. However, does the civil society really want completely secure drones to fly everywhere?

Of course, the hacking risk is real. Still, it remains anecdotal to this day.

Conversely, flyover of forbidden sites or grouping of people, industrial or sensitive site espionage, banned cargo transportation (borders, prisons, etc.), terrorist risks (to date, at least two terrorist attacks that planned to use drones have been thwarted: in 2011 in Boston and in 2013 in Germany), are real risks and experiencing a sharp increase.

So, the race to  develop interception equipment is in full swing. Securing airspaces has become a national security issue and interception technologies by interference are among the most valued themes.

As each country has its own regulations on this matter, what will be the position of French institutions? Protecting hundreds of thousands of drones against a possible hacking risk, even if limited, or keeping some vulnerabilities allowing control to be retaken in case of fraudulent access to certain flying zones? Some answers will have to be given quickly in order to determine a precise legal framework.

 

Guilhem MARTIN-RAGET, Information Technology Loss Adjuster