Poor Security Makes Drones a Serious, Rising Threat
The growing prevalence of drones, whether they are used for amusement, commerce, or security and surveillance, is creating a serious public threat because their cyber defenses are so weak, analysts warn. And once hackers thwart security measures, the possibilities for crime and mischief are limited only by imagination.
Many people are familiar with drones (or UAVs, for unmanned aerial vehicles) as military weapons or even experimental product-delivery tools for retailers such as Amazon, but few are aware of just how extensive and varied their use is becoming.
“UAVs have been successfully deployed as crucial links in supply chain logistics for the pharmaceutical industry, enabling delivery of fresh blood plasma and essential drugs to remote regions inaccessible to other forms of transport. Drones have also proven their value as reconnaissance and delivery agents in the health care and emergency services sectors,” says security solutions provider CybeRisk in the blog “The Usage of Drones in Cyber Attacks—Both as Targets for Attack and as Potential Attack Vectors.”
“In agriculture, drones are being used to chart patterns and success rates for irrigation and to monitor the health of growing crops via infrared and other technologies,” CybeRisk says.
Unfortunately, the potential for misuse is just as varied.
Terrorists, of course, could use recreational drones to deliver biological weapons or explosives, but researchers have demonstrated that they also could hack into commercial drones from the ground to change their flight paths or simply knock them out of the sky, CybeRisk warns.
Drones could also be used in cyber attacks. “Given their maneuverability, small size, and the fact that their combination of onboard processing power, photographic equipment, and connectivity makes them the equivalent of flying laptops, it’s no wonder that drones are now perceived as viable threats to information security,” CybeRisk points out.
Consider the vulnerability of wireless networks. Consumers and businesses often use light or no security because they believe they are unlikely targets since the signals of wireless networks are so limited.
“Compromised or purpose-bought UAVs could be flown or discreetly landed in the vicinity of a hot spot and used to stage [attacks]…over guest and short-range Wi-Fi, Bluetooth, and other wireless connections,” the company warns.
The internet security site Threatpost reports that commercial drones often appear to have lax security on purpose because it eases manufacturing and communication between controllers and apps for smart phones and other devices that act as controllers.
“It seems that these commercially available devices are ‘insecure by design’ to enable the proliferation of devices and the reuse of drone apps,” researcher and software engineer Junia Valente told Threatpost.
The United States Computer Emergency Readiness Team (US-CERT) issued a warning in April about vulnerabilities in one model that Valente discovered, but Valente told Threatpost she has turned up a number of other security flaws in drones.
DEADLINE REMINDER: Insurance brokerage firms licensed to do business in New York will be required by August 28 to submit and maintain a written cybersecurity policy, appoint a chief information security officer and take other steps required by a new law. Check out the details.comments powered by Disqus