Three alternative methods were found by graduate engineering students at Johns Hopkins University and their professor for interfering with an airborne hobby drone’s normal operation by sending erroneous orders from a computer laptop. The machine is either forced to land by the hackers or is sent flying.
The discovery is significant because unmanned aerial vehicles, often known as drones, are, excuse the pun, flying off the shelves. According to a recent Federal Aviation Administration forecast, 2.5 million commercial and hobby drones would be sold in 2016.
It’s possible that drone manufacturers left digital doors unlocked in their haste to meet consumer demand.
The researcher who oversaw the study, Lanier A. Watkins, a professor of computer science, said, “You see that with a lot of new technology.” Security is frequently neglected. Our research has relevance since it demonstrates how hacker-prone the technology in these drones is.
Drones are expensive. According to a recent Fortune article, the average price is around $550, though costs greatly vary depending on how sophisticated a device is. Drones used by hobbyists are typically flown for entertainment and for aerial photography or cinematography.
However, more sophisticated commercial drones are capable of handling harder jobs. Drones equipped with sophisticated cameras are now being used by farmers to inspect fields and help decide when and where to apply fertiliser and water. Advanced drones are also useful for search and rescue operations in difficult terrain. Some companies, like Amazon, are considering employing them to distribute goods.
The 3 Effective Hacks
Watkins, a senior cybersecurity research scientist at the Whiting School of Engineering at Johns Hopkins University, required his master’s degree students to use the information security concepts they had studied in a final project.
Watkins suggested they perform wireless network penetration testing on a well-liked hobby drone, find vulnerabilities, and develop “exploits” to interfere with flight control by a drone operator on the ground. Watkins also holds appointments in the university’s Applied Physics Laboratory and Information Security Institute.
A piece of software that is often directed towards a computer programme or device to exploit a programming defect or flaw in that programme or device is called a “exploit,” according to student Michael Hooper.
For instance, the students pounded a drone with around 1,000 wireless connection requests in quick succession, each requesting command of the flying object. The central processing unit of the aeroplane crashed due to the digital flood’s overload. This caused the drone to make “an unplanned landing,” according to the researchers.
In a second successful hack, the researchers sent the drone a particularly huge data packet that was larger than a buffer in the flight application of the aircraft. Once more, this led to the drone’s crash.
In order to perform the third vulnerability, the researchers frequently pretended to be the drone when sending a bogus digital packet from their laptop to the drone’s on-ground controller.
The drone’s controller allegedly eventually began to “think” that the aircraft was the sender. It lost communication with the actual drone, which ultimately required an emergency landing.
According to Watkins, “We discovered three points that were truly weak, and they were weak in a way that we could actually design exploits for.” “We showed here that someone might remotely crash the drone in their yard and just steal it, as well as remotely force the drone to land.”
The researchers informed the manufacturer of the drone they examined early this year of their findings in accordance with university procedure. The firm did not reply by the end of May. In order to determine whether more expensive drone models are just as susceptible to hacking, researchers have started testing them.
In order for future drones used for recreation, aerial photography, package delivery, and other commercial and public safety tasks to leave the factories with enhanced security features already on board, rather than relying on later “bug fix” updates, it is hoped that the studies will serve as a wake-up call.