Dronejacking drops security headaches on IT staff

October 18, 2017 | 4 Minute Read

It may not be long before we see “dronejacking” added to the Oxford English Dictionary.

While the IoT has recently been a frequent touch point for discussions about cybercrime and security breaches, most of the concern about drones has been around their potential to cause havoc with existing air traffic or inadvertently invade people’s privacy. “Dronejacking,” on the other hand, is intentional.

A report released late last year by Intel McAfee Labs predicts 2017 will be the year that hijacked drones become a threat to contend with. The threat applies not just to hobbyists, but to the various industries and organizations that are becoming increasingly reliant on the flying technology, including agriculture, news media, logistics and shipping companies, government, and law enforcement agencies. Security software firm Symantec echoed that dronejacking prediction a month later.

Drone heists and hacking

The McAfee Labs 2017 Threats Predictions report, released by Intel Security last November, noted that dronejacking is no longer just about hijacking a child’s or hobbyist’s flying toy as drones continue to see more mainstream adoption. Both Amazon and UPS are looking at delivering packages using drones, as the report notes, and shipping drones become a realistic target for criminals when you consider they will most likely be launched from a dedicated location. This would make traffic patterns easy to spot, and dronejackers could easily stake out a location and wait for targets to appear.

Just as drones have demonstrated an ability to be used to hack the local wireless network of a home, business or critical infrastructure facility, it’s also been proven as far back as 2015 that someone could easily hack a toy drone, if only to steal and resell it in whole or for parts. McAfee Labs also noted that there have already been incidents of homeowners being annoyed by drone flyovers to the point of taking them down with a shotgun. But another method of combating drone trespassers could be to exploit software vulnerabilities that enable someone to set up an electronic barrier around a house that either kills or redirects drones that fly too close.

Law enforcement agencies are increasingly using drones equipped with cameras to assist with surveillance and crowd control instead of wall-mounted security cameras, opening up the possibility of protesters and hacktivists knocking out a drone during a protest, for example.

Drone management is an IT issue

Both Transport Canada and the U.S. Federal Aviation Administration are developing regulations to govern drone usage. In the meantime, it will be up to IT departments to deal with the challenges created by drones, just as they are grappling with IoT. As already noted by research firm Tractica, how drones are deployed for commercial use and the particular industry segment will determine the effect on IT departments, while the number of drones deployed combined with their capabilities will determine the complexity of an organization’s IT system for managing their fleets.

Just like mobile devices and the BYOD trend, IT will have to safeguard drones against theft of data and intellectual property. Dronejacking could potentially affect certifications like ISO9001 or ISO27001 for information security. As Tractica notes, it’s not just the security of drone data that’s adding to IT departments’ workloads. Drones have the potential to produce large amounts of data that must be stored or processed, either locally or in the cloud, so data science expertise will also be needed. Some organizations may even find themselves requiring a Chief Delivery Drone Officer.

Software updates to the rescue

The good news is, like most endpoints, drones aren’t that different from desktop computers or smartphones. The vulnerabilities that might lead to dronejacking can be addressed by a software update, although, as McAfee Labs notes, any patch would have to be provided by the drone manufacturer. It’s likely that high-end drones would be patched quickly, but cheaper models might continue to fly for a long time without getting the needed software update.

Ultimately, drones are like any other IoT device connected to a network in that they quickly become targets for hacking. But, the report notes, what makes drones potentially easier to hack is they’re designed to be set up quickly and easily, have many open ports, and often use unencrypted communication. They’ll be easy targets for dronejacking tool kits.

Who knows: Maybe at some point, Oxford may also have to add “drone wrangler” to its dictionary. It would look pretty cool on a resume.
