Researchers discover drone security flaws by crashing them

Researchers show that crashing drones can be constructive

security flaw in drones

Normally when you think of rogue drones, you think of pilots flying where they shouldn’t, getting too close to people or airports, and generally giving the community a bad name. And that’s probably fair enough. Most of the dangerous flying making headlines is down to people breaking the rules. But what happens when your drone is hacked? Now, researchers at John Hopkins University have raised concerns about how easily someone else could take control and they’re discovering drone security flaws. To prove that pilots might be at risk, they’ve been hijacking and crashing drones with a number of different methods.

Exploiting the security flaws in consumer drones

The researchers at Johns Hopkins are nice people, so instead of calling what they do ‘attacks’, it’s seen instead as an ‘exploit’, a way of getting under the skin of a drone and taking advantage of its software weaknesses. To see exactly how vulnerable regular consumer drones were to being hacked, they set about targeting the wireless connection between pilot and UAV.

“An exploit is a piece of software typically directed at a computer program or device to take advantage of a programming error or flaw in that device.”- Michael Hooper, Student Researcher, Johns Hopkins.

The team systematically targeted their test drones with three different exploits. The first involved bombarding the drone with around 1,000 wireless connection requests in rapid succession, each asking for control of the airborne device. Understandably, the drone was overrun with the sheer weight of requests, causing the CPU to overload, shutting the drone down, and sending it into what the team referred to as “an uncontrolled landing.”

The second hack involved transmitting to the drone a huge data packet that far exceeded its buffer capacity. Once again, this caused the drone to crash.

For the final disruptive attack, researchers repeatedly sent a fake digital packet from a laptop to the drone’s controller, telling it that the packet’s sender was the drone itself. Incredibly, the drone’s controller started to believe that the packet sender was actually the drone. This caused it to sever its own contact with the drone, which caused the drone to make an emergency landing.

Security is often an afterthought. The value of our work is in showing that the technology in these drones is highly vulnerable to hackers.” – Lanier A. Watkins, Researcher, Johns Hopkins University.

“We found three points that were actually vulnerable, and they were vulnerable in a way that we could actually build exploits for,” Watkins said. “We demonstrated here that not only could someone remotely force the drone to land, but they could also remotely crash it in their yard and just take it.”

drone security flaws
Johns Hopkins graduate students discovered three security flaws in a popular hobby drone, all of which could which cause the small aircraft to make an “uncontrolled landing.” IMAGE CREDIT: WILL KIRK / HOMEWOODPHOTO.JHU.EDU

Drone security remains an issue

While there’s still plenty of debate about where drones should be allowed to fly and how qualified pilots have to be in order to take the controls, the researchers at Johns Hopkins highlight that there’s probably a bigger worry that we should be focused on: hacking. Whether it’s consumer drones being taken out of the sky by a sophisticated network attack, or a larger police or media drone being hit in the same way, falling UAVs represent a threat to anyone walking around below.

The same threat represents an opportunity for anti-drone tech

While many in the industry will worry about the basic security flaws in consumer drones, those selling anti-drone measures can actually take advantage. As long as pesky pilots can be downed with the touch of a button, security officials can at least rest easy knowing that events and large gatherings of people can be simply protected easily if needed. There have been a few companies begin to specialise in this type of technology.