Thursday, 05 December 2013
Cyber-security researchers have identified a vulnerability in aerial drones which could allow law enforcement agencies to take control of drones in mid-air to prevent them being used for nefarious purposes.
Matt Peacock and Dr Mike Johnstone from ECU’s Security Research Institute (SRI) found it was possible to hijack the drones’ WiFi connection from a laptop with the right software.
The Parrot AR drone tested in this case is a freely available, off the shelf quadrocopter equipped with a high definition camera and controlled via a WiFi connection.
Similar drones have seen an enormous increase in popularity in recent times and are commonly used for crop dusting, commercial photography, biological studies and weather reporting.
The ECU report, titled Towards detection and control of civilian unmanned aerial vehicles, has investigated ways to prevent criminal and terrorist activities with similar devices.
The Parrot AR drone is a popular, off-the-shelf model available for about $350. Researchers found it was susceptible to a “de-authentication attack” where control of the drone could be overtaken while it was airborne.
Mr Peacock and Dr Johnstone believe a similar attack could also be used to interfere with the drone’s on-board camera – even substituting video.
“Given that many small UAVs have on-board HD cameras for guidance purposes, misuse of the camera can raise privacy concerns, because UAVs can traverse property boundaries easily and quickly,” the report said.
While there have not been any reported cases of criminal charges stemming from drone use, Mr Peacock said it’s only a matter of time.
"The misuse of small UAV's such as the Parrot by criminal or terrorist elements is a potential threat to critical infrastructure," the report concluded.
"This is due to their low cost, wide availability, operability in unrestricted airspace and the ability to carry a small but dangerous payload."
The research paper was presented at the recent 2013 SRI Security Congress and can be downloaded from the download section of this page. For more information on the Congress visit its website.