The growing popularity of personal and commercial drone use in populated areas poses significant risks both for society and drones due to the lack of additional technology needed to secure both from one another.
Today, drones – professional ones that take photographs and observe actions below as well as toys operated by children – are taken for granted. The world market for drones is expected to reach $1.85 billion by 2024.
The lack of such protective technology could be exploited by malicious entities for cyberattacks, terrorism, crime and threats to privacy and also to attack drones while flying for a legitimate purpose, according to a new research report by Ben-Gurion University of the Negev (BGU) researchers and Fujitsu System Integration Laboratories Ltd.
The first comprehensive study on “Security and Privacy Challenges in the Age of Drones” assesses 200 academic and industry techniques designed to detect and disable drones flying in both unrestricted and restricted areas. Its findings coincide with the US government proposal to allow civilian drone flights that abide by new security rules to carry out deliveries and other commercial uses in populated areas.
“The cutting-edge technology and decreasing drone prices made them accessible to individuals and organizations, but it has created new threats and recently caused an increase in drone-related incidents,” says Ben Nassi, a doctoral student in BGU’s Software and Information Systems Engineering Department (SISE) and a researcher at the BGU Cyber Security Research Center.
“There are many difficulties that the military, police departments, and governments are seeking to overcome, as it is a recognized threat to critical infrastructure, operations and individuals,” Nassi added.
The researchers examined different ways to detect drones in areas where their use is restricted, including radar, sound and RF (radio frequency) scanners, thermal cameras and hybrids of these methods. But they think the biggest challenge is determining the purpose of the drone in non-restricted areas – for example, whether a detected drone is being used to deliver a pizza, spy on someone in a shower, launch a cyberattack or smuggle goods.
“An open-skies policy that allows drones to fly over populated areas poses a significant challenge in terms of security and privacy within society” said Prof. Yuval Elovici, Ben Nassi’s Ph.D. advisor who is director of the Deutsche Telekom Innovation Labs @BGU; director of the BGU Cyber Security Research Center, SISE faculty member and the Davide and Irene Sala Chair in Homeland Security Research. The research team also included Dr. Asaf Shabtai from BGU’s SISE, as well as Dr. Ryusuke Masuoka and Kohki Ohhira from Fujitsu System Integration Laboratories Ltd.
“Attackers can disguise a cyberattack as legitimate pizza-delivery drone by hiding the hardware they use inside the pizza box. To illustrate, the BGU and Fujitsu researchers demonstrate an attack exploiting a pizza delivery to launch cyberwarfare against smart cities by triggering watering via a cellular smart-irrigation system.
The researchers also presented a physical method to disable a drone’s active tracking functionality, a new technology recently introduced by drone manufacturers that is based on computer vision algorithms.
“We believe that there is a major scientific gap and definite risks that can be exploited by terrorists to launch a cyber-attack in an unrestricted area,” Nassi said. “While it is inevitable that drones will become more widespread, we need to recognize that an open-skies policy poses multiple risks and that current solutions are unable to solve as a result of a major scientific gap in this area.”
The researchers propose ways to enable flying drone identification as well as registration, which is now required by the US Federal Aviation Administration. This includes dedicated techniques for authenticating drones and their operators. While in their previous study, the researchers demonstrated a new technique to detect a spying drone, new methods to determine the purpose of a nearby drone must be developed, they concluded.
According to the IEEE Spectrum, the journal of the world’s largest professional organization devoted to engineering and the applied sciences, anyone who wants to fly a drone weighing more than 250 grams (even just for fun in the backyard) must register that drone and follow some generally common sense rules and regulations. The FAA has now updated the rules – all drones must now display registration information externally.
The original rule was that you could hide the registration number inside the battery compartment, or anywhere else that could be accessed without tools. After registering the drone, they may fly it at a maximum height of 122 meters; keep it within one’s line of sight; respect privacy; never fly near other aircraft, especially near airports; never fly over groups of people, public events or stadiums full of people or near emergencies such as fires or hurricane recovery efforts; and never use your drone under the influence of drugs or alcohol or act foolishly.
In a journal published by Cornell University, the team presented the challenges arising in areas that allow drone flights, introduced the methods that exist for dealing with these challenges and discussed the scientific gaps that exist in this area. They also discussed ways of disabling drones, analyzed their effectiveness and suggested future research directions.