Hacked drones an increasing concern as government seeks to ease restrictions

As the U.S. government works to ease restrictions on where drones can fly, they could become an attractive target for hackers. ( Photo: Shutterstock )

As the U.S. government works to ease restrictions on where drones can fly, they could become an attractive target for hackers. (Photo: Shutterstock)

On July 4, 2017, an unmanned aerial vehicle (otherwise known as a drone) crashed through the display window of a Kate Spade boutique in Manhattan, New York. On March 23, 2017, a 19-year-old Rochester teen crashed his drone through a 23rd floor window of City Hall in Buffalo, New York. On September 5, 2015, a drone piloted by a University of Kentucky student crashed inside packed Commonwealth Stadium moments before kickoff of the football game between the University of Kentucky and the University of Louisiana at Lafayette.

Those are just a few of the dozens of drone crashes recorded each year by Democrat & Chronicle, a website tracking drone incidents. And that is just crashes of small drones. In a five-month period covering August 22, 2015 through January 31, 2016, the Federal Aviation Administration (FAA) recorded 600 incidents of drones flying dangerously close to commercial or private aircraft. Drones flying near New Jersey’s Newark International Airport and London’s Heathrow Airport recently led to all flights being grounded, one of those drones was 3,500 feet in the air.

These incidents show the danger drones pose to infrastructure and life.

The government, while easing restrictions, is also changing its regulations as it struggles to find a balance between control and free enterprise, weighing all the positives and negatives drones can bring to society. As of Monday, February 25, 2019, drone operators not only must register their drones, but those registration numbers must be on the outside of the drone and visible. It is one of many regulatory changes taking place in the drone space. On January 14, 2019, the Trump Administration proposed sweeping new regulations for drones, including allowing nighttime operation without special permits, and allowing drones to fly over populated areas.

The regulations, if enacted, could be a boon to last-mile delivery, wherein drones are seen as having significant value in the near future, among other applications. The flip side, though, is increased risk.

“In general, drones share some of the same interfaces that are in other vehicles such as airplanes and cars and moving objects that are equipped with highly advanced technologies,” explained Samir Tout, professor of information assurance at Eastern Michigan University (EMU). “Now, along with the convenience these vehicles bring with advanced technologies, there is increasing concern about the vulnerability of vectors being hacked.”

Tout is leading research with graduate students at EMU into Controller Area Network (CAN) drone and vehicle security.

(CAN bus is a robust vehicle standard designed to allow microcontrollers and devices to communicate with each other in applications without a host computer. “Bus” is a term that refers to any communications system that can move data between one component and another.)

He told FreightWaves that this research is becoming more important as commonality between components could make it easier for hackers to take control of vehicles or drones.

“There’s a common [technological] area you will find across these moving vehicles, even flying vehicles and in the sea with modern ships that plan on becoming autonomous,” he said. “So, we are really working on a common platform that has the [potential] to be hacked.”

To illustrate, Tout said students are currently studying radio frequency (RF) communications platforms, which are becoming a common interface platform among assets. Connectivity of vehicles and the telematics platforms they are using is an example. Some of those same platforms are now being installed in drones.

“Not to paint a disturbing picture of this … [but] there are always vectors against which hackers have launched compromises into the system, and it uses conventional means,” Tout said. “The drone has multiple interfaces, so for a hacker that [interacts] with common interfaces that are on machines [they can now access drones with similar interfaces].

“Let’s say a hacker finds a vulnerability, and that interface exists in other vehicles, they don’t need to [create a new] attack, they can just reorient the attack to the new target – a drone, a car, etc.,” he added.

With the government easing restrictions on drones flying over people, it both speeds the opportunity for commercial operators to implement drone delivery programs but puts drones in closer proximity to people. It is something that does concern Tout.

“The FAA easing restrictions, that’s a positive impact on the commercial side of things, but on the other hand, I’m concerned about hackers being able to hack into drones and causing substantial damage,” he said. “With easing of those restrictions, then let’s say [Company A] is able to fly drones [with packages] above people. If someone hacks it now, there is [increased] chance that someone could fly it into people.”

Don’t miss it.  Register today .

Don’t miss it. Register today.

On the other hand, Tout said any easing of restrictions would be a positive for research programs like his because it increases the ability of students to acquire and study the systems. “We do welcome the easing of these restrictions so our students can learn on them, but our main goal is [security],” he noted.

The real concern, unfortunately, is that like computers, security may always be a step behind hackers.

“It’s going to always be us trying to catch up,” Tout said. “Someone hacking into one of those platforms is an easier endeavor than one of us developing [proactive] defensive techniques [against unknown attacks]. But establishing these connections [between industry and universities] gives us a bigger chance to proactively protect against these attacks.”

With research grants always competitive among many worthwhile projects, Tout is trying to raise awareness of the risk that hacked drones present.

“From my end, I’m really trying my best to reach out internally within Eastern Michigan University to fund research on these projects,” he said. “We have a lot of work ahead of us and I’m personally very excited about that, but obviously we need some support [from across academia, industry and government].”