Drones are common military devices and fly with weapons on board. Every day, hacking attacks are read about in newspapers. I asked myself if military drones and even my drone could be hacked. To answer this question, I did some research on whether drones can be hacked and how. Here is a small summary of what I found.
Is it possible to hack a drone? Yes, there are many ways to hack a drone and also gain control of the drone. Common ways to hack a drone include simulating the flight planning software or plugging in between the remote controller and drone. The question is always what the hacker wants to achieve.
A lot of people underestimate how easily drones can be hacked.
How drones are hacked
Like all electronic devices, drones are not immune to hacking attacks. The complicated combination of control data, video data, GPS, and telemetry transmission offers a variety of attack options. Even the wireless data transmission itself can be tapped into in a few steps, and control signals can also be changed.
Some of the consumer drone hacks can be prevented by laws. For instance, Sweden prohibits the use of camera drones unless the owner can prove the benefit of using one. Drone manufacturers are also developing newer ways of making their drones safer. The topic of drone hacking is constantly changing, and hackers are always finding new ways to pursue their goals.
Generally, there are four different types of attacks on drones.
- Fly-away attacks
- Lock-out attacks
- Take-down attacks
- Data thefts
Many Internet of things (IoT) devices like drones have problems authenticating the correct user or owner. A Wi-Fi-controlled drone can be easily stolen by anyone within the Wi-Fi signal range. Getting access to the device is different depending on whether the drone is on the ground or in the air.
At the moment, when the drone is turned on while on the ground but not flying, an attacker can hijack the drone and fly it away using a drone app.
When the drone is in the air, an attacker can kick the legitimate user off the drone access point. The drone searches for a controller, and the attacker can immediately take control with a mobile device app without authentication.
Hacks on drones with ftp connections or telnet servers are more sophisticated but also possible. Telnet is a network protocol that allows a user to log into a computer that is part of the same network.
To take a drone down, an attacker connects to the drone access point and remotely accesses the open telnet. He or she sends a command to power off the drone, and at this point, the pilot’s mobile device loses its connection to the drone.
To steal user data, the attacker only needs to be within Wi-Fi range. The ftp server provides no anonymous login but full access to the file system. It is possible to steal images and videos by connecting a computer to the drone access point and downloading the files. This attack is done without being detected by the drone owner.
Junia Valente and Alvaro Cardenas of the University of Texas at Dallas did some research on this topic. For more information, click here.
What can I do to improve drone security?
If you are worried about your drone being hacked, there are some tricks to improve the security of your drone.
The first and easiest way is to continuously update the software running on your drone. Most of the drone software is updated annually. Unfortunately, it is not possible for some drones to update the firmware. If updates are possible, see the update instructions in your drone’s manual.
Use a strong password for the drone access point with WPA2. Strong passwords include capital letters, numbers, and special characters. They should be at least eight characters long.
A more sophisticated tip is limiting the number of devices allowed to connect to the access point of your drone.
Deactivate ftp and telnet. For normal use of the drone, ftp and telnet are not necessary. If your drone needs ftp, you can block anonymous access to your device.
What a hacker wants to achieve
The reasons why someone would want to hack a drone are unlimited. For some, it is the thrill of bypassing electronic security systems, and for others, it is a systematic crime.
The fly-away attacks have the goal of stealing your drone. Hackers sit in a car within Wi-Fi range of your drone, take control of it, and drive away in the getaway car while controlling the drone.
Take-down hacks are usually launched to annoy someone. These hacks could be very dangerous, especially if people are near the drone.
If a hacker steals your data, you won’t even notice. Hackers sell these pictures or videos, if they are usable pictures, that is. 😉 If you have a business using the drone to take pictures or create videos, you have to consider your data security.
How to track a drone
There are various reasons to track a drone or the drone pilot. For one, when a drone is flying in a non-flying zone, the police, if they are fast enough, will try to locate the drone pilot.
One easy way to track a drone is to wait until the battery is empty and follow the drone back to where it lands. Generally, the pilot is also there.
A second tracking system uses triangulation. With the use of ground radio tracking equipment and two measuring points, the location of the pilot or the drone can be identified. The same method is used to locate mobile phones.
The danger of hacking military drones
The global danger of hacking your consumer drone is very low, but most military drones are equipped with weapons. Hackers also come up with ways to bring down the high-tech unmanned aerial vehicles (UAVs) employed by the military.
In late 2011, according to Iranian officials, they were able to ground a U.S. Air Force drone by manipulating the global positioning system (GPS). First, they blocked the communication links, so the drone was unable send or receive information. The drone thus switched to autopilot and flew to its “home position.” By manipulating the GPS system of the drone, the hackers led the drone to believe that it was close to its home base, and it landed in Iran instead of at the U.S. base in Afghanistan.
The manipulation of the GPS system was done through a spoofing attack. Hackers sent the drone new coordinates to manipulate the automatic home route and change it to the new one.
That was the starting point of an arms race to make drones safer against hacking attacks. Currently, the U.S. military is working with Boeing to build a drone that is secure from hacks. They are trying to operate the drone with a new programming language to optimize the security system.
For more information, click here.
Can a drone be shot down?
Technically, yes, but it is very dangerous. If you use a 08″/7.62-mm rifle pointed upwards at 70 degrees, the dangerous zone in front of it is up to 2.5 miles or four kilometers long. So, if you don’t hit the drone, the cartridge can kill somebody, and if you do hit the drone, the drone can kill somebody with its fall.
Can a drone be detected on radar?
Yes, the resolution of radars is very high. They can detect objects down to 0.4 inch² or 0.01 m² within a range of 3 miles or 5 kilometers. Normally, nobody is watching anything that is so tiny, because then you would see every bird on radar.