As drones fill the skies, cybercriminals won’t be far behind

For the longest time, drones looked like a good-news tech story that would transform aerial photography, disaster relief and parcel delivery.

The world is still waiting to receive packages from the air (although UPS claims it’s started deliveries this week), which might be just as well because experts are having second thoughts.

Among those investigating the implications of a world filled with “very small and fast flying objects” are the Israeli-Japanese researchers behind a new study, Security and Privacy in the Age of Drones.

In hindsight, it’s amazing people didn’t see the problems coming as these devices got smaller, cheaper and able to operate many kilometres from the person controlling them.

The potential for terror-by-joystick malevolence and mischief is obvious, as London’s Gatwick Airport found out to its cost in December 2018 when it was forced to close its main runway.

But subtler problems might be worth looking at, the researchers argue, such as aerial spying and surveillance, of which there have already been several high-profile examples:

Exploiting these facts, drones have increasingly become a threat to individuals’ privacy as evidenced by their use to detect a cheating spouse, film random people, and celebrities, and take intimate pictures of neighbors.

People tend to ignore the potential for intrusion when it’s celebrities who are being pestered, forgetting that micro-drones are now small and inexpensive enough that anyone could be victimised on a whim.

Regulation and cyberattacks

A fundamental problem has been regulation, which has been caught between the need to allow drones to fly where needed to be useful while restricting their use over airports, prisons, military facilities, and critical infrastructure.

This has turned out to be a challenge. Detecting them can be difficult – not all radar systems can detect small drones or distinguish them from other objects such as birds – while stopping them when they are detected can be almost impossible.

The long-term solution sounds clunky but unavoidable – a system of identification and authentication to separate legitimate drones from rogues:

One interesting method that can be used for this purpose as an out-of-band solution is installing a microcontroller on a group of white-listed drones.

Another approach would be to assign each drone with a unique identifier – although how to do that in a way that couldn’t be copied, disabled or spoofed remains an open question.

Perhaps the biggest issue hanging over all of this is how easy it might be for hackers to take control of legitimate drones through frequency jamming, GPS interference, or by exploiting a software or design flaw.

This hasn’t happened yet, but it’s probably just a matter of time. The researchers’ partial solution to this is interesting: instead of trying to stop it happening at all, focus on detecting and responding to it when it does.

For example, a drone that departs from its intended flight path could activate a protocol that instructs it to return to its base immediately by stepping through the manoeuvring commands that led it to where the event was detected.

Seen as novelties when they first appeared at the CES Show in 2010, putting these toys back in the box after a decade of mostly optimistic hype isn’t going to be easy. As so often happens, it looks as if the technologists who invented them will now have to busy themselves scrambling to secure their creation.