Countering Drones - An Evolving Cybersecurity Requirement

Countering-Drones: A Global Challenge

The illegal use of drones is now a pressing security concern across the world as terrorists, activists and criminals are adopting drone technology and developing new, creative and sophisticated ways in which to commit crime and terrorism. The use of drones for hostile reconnaissance in theatres of conflict, and combined with their adaption to carry Improvised Explosive Devices (IEDs), has signalled the rogue drone threat landscape is increasingly diverse and has become more aggressive.

• Find out more about Defence iQ's annual Countering Drones conference taking place this June 2020

As drones continue to evolve from novelty items to a ubiquitous business tool, resourceful network intruders may also see an opportunity to leverage drones’ proximity to homes, businesses, critical infrastructures and defence sector premises to turn the machines into a jumping-off point to networks and systems, thus creating a new category of infection vector from which the defence sector must now defend itself.

Network Infection

The use of drones as rogue Wi-Fi access points may be one of the most simplistic yet effective tactics for targeting individuals. Cyber research experts at Booz Allen Hamilton suggest that drones equipped with a device like a Wi-Fi Pineapple can be placed in proximity to a target premises and be used to harvest credentials, perform man-in-the middle attacks, and conduct network reconnaissance. Even users connected to legitimate company access points could conceivably be forced to connect to the drone’s Wi-Fi if the target’s network does not prevent forced de-authentications.

This threat is further amplified by the growing culture of Bring Your Own Device (BYOD) with organisations flooded by employees who are encouraged to make use of their personal devices to access enterprise systems and data providing further connections for cyber drone hackers.

• Read former U.S. Navy Cyber Security Division Director RADM Danelle Barrett's think piece on Cybersecurity Innovation: Transforming the Enterprise

To commit their cyber intrusions, drones may park themselves on the roof of a building or other concealed location, including those that are in enclosed areas that are otherwise off limits to foot and vehicle traffic which describes many defence sector installations. Conventional security measures including all physical protection and bio-metric entry systems are rendered useless against drone-based network attacks that are not unprecedented but, to date, is a tactic which has predominantly remained in the realm of controlled research environments.

Drones equipped with specially fitted hardware and software may also be used to install malicious malware on systems or disrupt system’s operations, particularly devices that are vulnerable to exploitation of wireless protocols like Bluetooth

Security researchers have demonstrated drone-based attacks that range from the simplistic to the complex and esoteric. Drones hovering outside office windows have hijacked a Bluetooth Mouse to silently install malware on a computer, and a drone-mounted video recorder was used to receive communications from a malware-infected computer that emitted light pulses through a window. Drones equipped with specially fitted hardware and software may also be used to install malicious malware on systems or disrupt system’s operations, particularly devices that are vulnerable to exploitation of wireless protocols like Bluetooth.

Drone-enabled network attacks may never reach the scale of traditional remote network cyber-attacks but the possibility of their use may require all in authority to consider their airspace as another component of an attack surface that must be defended.

The requirement for both the attacker and the drone to be in close proximity to a target will limit the frequency with which drone based attacks will be used, but the threat nonetheless remains real and should not be underestimated.

Airspace as Attack surface

To mitigate the threat organisations must raise awareness of the risks and provide training to their personnel upon how to report rogue-drone sightings and the action that is then swiftly taken to respond to the incident.

A further measure would be to invest in the provision of physical security to recognise drones as a potential threat, including for those organisations that consider themselves at high risk of drone-based cyber-attacks, the deployment of drone detection systems that jam, hijack, or otherwise disrupt their flight path.  

There are also a variety of measures that can be taken to prevent network attacks, such as turning off the wireless network when not in use, updating administrator passwords on routers regularly, and using security measures such as wireless traffic encryption and firewalls but all of these measures may prove disruptive to larger organisations operations but nevertheless, will safeguard the theft of sensitive data.

The emergence of rogue drone activity has created a new dimension and a fundamental shift in the way in which the safety and security of buildings, personnel, data and other assets should be protected from the threat of hostile drone reconnaissance and cyber-attack. The defence sector now needs to prepare and equip itself against this new and emerging airborne cyber threat.