Hacked drones are breaching physical and cyberdefenses to cause disruption and steal data, experts warn.
Drones are a growing threat for law enforcement and business security officers. In the run-up to Christmas 2018, rogue drones grounded planes at London Gatwick, the UK’s second-busiest airport. But, increasingly it’s not just the air traffic controllers sounding the alarms over drones, it’s also the cybersecurity community.
Drones are already being used as one component of cyberattacks, Tony Reeves, a director at consulting and training company Level 7 Expertise, and a former officer in the UK’s Royal Air Force.
With drones costing from as little as $30 to $10,000 or more for specialist professional models, Reeves said, they can be used for any number of different style attacks.
Low cost and easy to use, drones can deliver a “payload” to carry out surveillance, to capture data, or to disrupt networks. Making matters worse, drones are hard to detect and defeat, he said at the recent CRESTCon ethical-hacking conference in London.
Reeves’ firm is unusual in combining cyberdefense work with expertise in intelligence gathering and unmanned aerial vehicles, and plans to use drones as part of an ethical penetration testing program.
“Drones are disruptive, not least because they bring a rapid reduction in the skills operators need,” he said. “You would crash an old-style remote control plane in 30 seconds, if you had no training. But kids can fly today’s drones.”
Law-enforcement agencies and aviation regulators are increasingly concerned about the risks posed by drones. They poses an unacceptable risk to jetliners. The heavy lithium-ion batteries in drones could puncture the skin of an aircraft wing, or smash the blades in an engine. Groups in Syria and Iraq have used modified remote control aircraft as flying bombs.