Commercial drones pose cybersecurity threats, study finds
Ben-Gurion Unversity and Fujitsu said the lack of supporting technology could be exploited by malicious entities for cyberattacks, terrorism and crime
The growing popularity of personal and commercial drone use in populated areas poses significant risks both for society and drones due to the lack in additional technology that is required to secure both parties from one another, researchers found.
According to a new research report by Ben-Gurion University of the Negev (BGU) researchers and Fujitsu System Integration Laboratories, the lack of supporting technology could be exploited by malicious entities for cyberattacks, terrorism, crime and threats to privacy and also to attack drones while flying for a legitimate purpose.
The study, dubbed “Security and Privacy Challenges in the Age of Drones” evaluates 200 academic and industry techniques designed to detect and disable drones flying in both unrestricted and restricted areas. Its findings coincide with the U.S. government proposal to allow civilian drone flights with new security rules that permit deliveries and other commercial uses in populated areas.
To highlight the threat, the researchers demonstrated a new physical method to disable drone’s active tracking functionality, a new technology that was recently introduced by drone manufacturers that is based on computer vision algorithms.
“The cutting-edge technology and decreasing drone prices made them accessible to individuals and organizations, but has created new threats and recently caused an increase in drone-related incidents,” said Ben Nassi, a researcher at the BGU Cyber Security Research Center. “There are many difficulties that militaries, police departments, and governments are seeking to overcome, as it is a recognized threat to critical infrastructure, operations, and individuals.”
The researchers examined different ways to detect drones in drone-restricted areas including radar, RF Scanners, thermal cameras, sound and hybrids of these methods. However, they believe the biggest challenge is determining the drone’s purpose in non-restricted areas. For example, whether a detected drone is being used by its operator to deliver a pizza, spy on someone in a shower, launch a cyber-attack, or smuggle goods.
“An open-skies policy that allow drones to fly over populated areas pose a significant challenge in terms of security and privacy within society” said Yuval Elovici, director of the Deutsche Telekom Innovation Labs@BGU and director of the BGU Cyber Security Research Center. “Attackers can disguise a cyber-attack as legitimate drone pizza delivery by hiding the hardware they use inside the pizza box.
The researchers proposed methods that enable flying drone identification as well as registration. This includes dedicated techniques for authenticating drones and their operators.