Alert: your drone data is intercepted by hackers and security

Drone journalism logs

You shot amazing video footage. A guaranteed viral. But back home you discover someone already uploaded your material. Stolen, while you were busy operating your drone. What?

Drones can be hijacked or made uncontrollable from a distance. Video and data can be easily intercepted by hackers, data thieves and authorities. The device is far from hack-proof.

A remote controlled drone, I can surely hijack that, Samy Kamkar mused in 20131. He rebuilt a Parrot AR.Drone, mounted it with a Raspberry Pi (mini computer), and baptised it SkyJack. The device autonomously tracks down other Parrot drones and takes over control.

It was easier than I thought, Kamkar tells in an e-mail correspondence with Your Flying Reporter.

Samy Kamkar. Photo: Hugo Alexandre Cruz.

White hat Hacker Samy Kamkar. Photo: Hugo Alexandre Cruz

 

To take over control, all you need is a radio that can transmit and receive on one of the frequencies the drone uses, Kamkar writes. ‘Depending on the drone this can be Wi-Fi, non-Wi-Fi, GPS or another bandwidth.’

The flying buccaneer

In an admirably smart PR move, Kamkar launched his hijacker-drone one day after Amazon announced its plans to deliver packages by drone2. His story was picked up all over the world. Befitting a white hat hacker, he published all SkyJack’s specifications, including open source software, so that anyone can build it (and drone producers can take measures).

It wasn’t even that hard, assures Kamkar: ‘It depends on the security involved how easy a drone is to hack into. The AR.Drone has no security, and the last time I checked it still had not found a way to add authentication or encryption. So then it is very easy to hack such a drone.’

 

And it might be just as easy to hack into the drone control system of other brands. The popular DJI also uses the Wi-Fi channel, and on a Github hackersforum it is claimed (but not yet proven) that these drones are insecure, and it is only a matter of time until these will be hijacked too.

Lost drone control ? You’re being jammed

What already is possible, is jamming the WiFi-signal of the DJI. If the radio frequency between a drone and the controller is jammed, the drone becomes uncontrollable. Most new DJI models are equipped with GPS, so that they automatically return to the drone pilot if the wifi signal is jammed. But this return flight is depending on GPS-signals, and these can be jammed too.

Kamkar: ‘Radio frequency jamming either takes a level of technical sophistication, a search on the internet for schematics to create a jammer, or simply the online purchase of one3. As a note: most countries have banned the usage and possession of jammers and blocking devices.

Security forces want to down your drone

How about security forces? In The Netherlands, the police is exploring ways to take over control of UAVs, and track down the location of the operators4.
For national security that might seem useful: the police intercepting drones filled with explosives, flying them to a safe location. But once security bodies can make use of such a system, it is easy to bring all kinds of devices to the ground, claiming subsequently it was a security measure. The development in the Netherlands concerns drone-expert and jurist Dr. David Goldberg. ‘(journalists) may be pursuing investigative reporting, and use the drone for a legitimate news gathering purpose. If that can be somehow obstructed by the police or security service, that seems to me rather worrying. The issue then is: does the journalist have a right to use his flying camera, even if the authorities disagree.’

Drone fly-aways

A signal interference on your drone doesn’t mean that hackers are targetting you. According Dutch drone specialist Peter van Leeuwen, many companies secure their wifi-networks using a wifi-jammer. If you fly near company building, your drone signal can be jammed because of that, as most drones fly at 2.4 Ghz, the same frequency used by local wifi networks5.

Some U.S. model aircraft pilots on the forum of FVPLab on  noted that military bases are jamming their radio signals as soon as they fly too close to military bases. According to these pilots the military bases jam signals on various frequencies.

Interception of video signals

In 2008 the Wall street Journal reported that Iraqi militias intercepted video files from a American Predator6. It is likely the militias used Skygrabber, a 26 dollar software package, that can be employed to intercept music- and video files, downloaded by others. According to Wired it was it at least possible until 2012 to intercept videos from military drones . That is how hard it apparently is to prevent it.

According to Kamkar it is child’s play to intercept the video signal that a news drone sends to a journalist on the ground. ‘Many drones and video transmitters have little security, he says. And that can be a problem for a reporter. While he is busy gathering the news, someone else can intercept and publish the footage.
That raises a legal issue: is it prohibitted to intercept video signals from an open frequency? Is the drone a flying TV-broadcaster or a flying camera? And, when the drone pilot is a journalist, can his data be protected the same way his sources are protected?

You can read more on privacy issues in the DND editorial: Little brother peeking drone reporter

  1. Samy Kamkar is a notorious hacker. In 2005 he spread MySpace worm Samy, one of the quickest computer viruses ever. He was convicted to 90 days of communal service, payment of an unknown compensation, and a three year ban on using a computer. As soon as he was allowed to use his computer again, in 2008, he demonstrated how the creditcards of Visa, MasterCard and Europay could be read out. Converted to ethical hacking, Kamkar displayed several other security leaks and revealed in 2011 on the frontpage of the Wall Street Journal that Apple, Google and Microsoft (respectively iPhone, Android, Windows Phone) were spying on their smart phone customers by storing their GPS and wifi history. The disclosure led to a series of lawsuits.
  2. Amazon boss Jeff Bezos announced the plan on 1 December 2013. ‘Amazon Prime Air’  was trumpeted to be able to deliver packages within 30 minutes or less. The 2015 FAA (Federal Aviation Authorities, US) rules effectively killed these plans.
  3. . An example of such a schematic can be found on the website of Bahnhof, a Swedish broad band provider: How to kill UAVs
  4. NRC, Juli 2014, Police wants to down airborne drones (Dutch)
  5. Van Leeuwen, Fly aways, how to prevent them (2Brothers R/C
  6. the predator is a military drone, used mainly for bombing.

Stijn Postema

Stijn Postema is a journalism lecturer and freelance reporter from the Netherlands. He has a background in journalism, arts and design.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *