New research raises concerns about how easily hackers could take control of flying drones and even crash them.
Johns Hopkins University engineering graduate students and their professor discovered three different ways to send rogue commands from a laptop computer and interfere with an airborne hobbyist drone’s normal operation. The hacks either force the machine to land or send it plummeting.
The finding is important because drones, also called unmanned aerial vehicles, are, pardon the expression, flying off the shelves. A recent Federal Aviation Administration report predicted that 2.5 million hobby-type and commercial drones would be sold in 2016.
In their haste to satisfy consumer demand, drone makers may have left digital doors unlocked.
“You see it with a lot of new technology,” says Lanier A. Watkins, the computer science faculty member who supervised the research. “Security is often an afterthought. The value of our work is in showing that the technology in these drones is highly vulnerable to hackers.”
Drones are not cheap. Fortune reported recently that the average cost is more than $550, though prices vary widely depending on the sophistication of the device. Hobbyist drones are flown largely for recreation and for aerial photography or videography.
But more advanced commercial drones can handle more demanding tasks. Farmers have begun using drones with specialized cameras to survey fields and help determine when and where water and fertilizer should be applied. Advanced drones can also help in search and rescue missions over challenging terrain. Some businesses, such as Amazon, are exploring using them to deliver merchandise.
The 3 successful hacks
Watkins, a senior cybersecurity research scientist at Johns Hopkins’ Whiting School of Engineering, assigned his master’s degree students to apply what they’d learned about information security in a final project. Watkins, who also holds appointments in the university’s Applied Physics Laboratory and Information Security Institute, suggested they do wireless network penetration testing on a popular hobby drone, find vulnerabilities, and develop “exploits” to disrupt flight control by a drone’s operator on the ground.
An “exploit,” explains student Michael Hooper, “is a piece of software typically directed at a computer program or device to take advantage of a programming error or flaw in that device.”
The students, for instance, bombarded a drone with about 1,000 wireless connection requests in rapid succession, each asking for control of the airborne device. This digital deluge overloaded the aircraft’s central processing unit, causing it to shut down. That sent the drone into what the team referred to as “an uncontrolled landing.”
In a second successful hack, the team sent the drone an exceptionally large data packet, exceeding the capacity of a buffer in the aircraft’s flight application. Again, this caused the drone to crash.
For the third exploit, the researchers repeatedly sent a fake digital packet from their laptop to the drone’s on-ground controller, telling it that the packet’s sender was the drone itself.
Eventually, the researchers say, the drone’s controller started to “believe” that the aircraft was indeed the sender. It severed contact with the real drone, which eventually led to an emergency landing.
“We found three points that were actually vulnerable, and they were vulnerable in a way that we could actually build exploits for,” Watkins says. “We demonstrated here that not only could someone remotely force the drone to land, but they could also remotely crash it in their yard and just take it.”
In compliance with university policy, the researchers disclosed their findings early this year to the maker of the drone they tested. By the end of May, the company had not responded. The researchers have begun testing higher-priced drone models to see if these devices are similarly vulnerable to hacking.
Watkins says he hopes the studies serve as a wake-up call so that future drones for recreation, aerial photography, package deliveries and other commercial and public safety tasks will leave the factories with enhanced security features already on board, instead of relying on later “bug fix” updates, when it may be too late.